summaryrefslogtreecommitdiff
path: root/test/results/WebattackXSS.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/WebattackXSS.pcap.out')
-rw-r--r--test/results/WebattackXSS.pcap.out1414
1 files changed, 707 insertions, 707 deletions
diff --git a/test/results/WebattackXSS.pcap.out b/test/results/WebattackXSS.pcap.out
index 4490bccd8..81b7ae558 100644
--- a/test/results/WebattackXSS.pcap.out
+++ b/test/results/WebattackXSS.pcap.out
@@ -4,7 +4,7 @@
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283859,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935283859,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283960,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935283960,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4I5j3VaKHYJ4aAScSBLsAAAAgQFtAQCCAoD4pm+ATjIRwEDAwc="}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1499346935285304,"flow_dst_last_pkt_time":1499346935283960,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499346935285304,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wahAAD4GBDCsEAABwKgKMsuCAFAodgnhOY91W4AQAOXqtwAAAQEICgE4yEcD4pm+"}
-01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499346935283859,"flow_src_last_pkt_time":1499346935285308,"flow_dst_last_pkt_time":1499346935283960,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346935285308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01372{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499346935283859,"flow_src_last_pkt_time":1499346935285308,"flow_dst_last_pkt_time":1499346935283960,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346935285308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499346935343132,"flow_src_last_pkt_time":1499346935343132,"flow_dst_last_pkt_time":1499346935343132,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346935343132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1499346935343132,"flow_dst_last_pkt_time":1499346935343132,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935343132,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IaBAAD4GpDCsEAABwKgKMsuEAFAW1en2AAAAAKACchDI1AAAAgQFtAQCCAoBOMhWAAAAAAEDAwc="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1499346935343132,"flow_dst_last_pkt_time":1499346935343180,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935343180,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4Rgmy17FtXp96AScSCd7QAAAgQFtAQCCAoD4pnNATjIVgEDAwc="}
@@ -21,7 +21,7 @@
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1499346956870305,"flow_dst_last_pkt_time":1499346956870305,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346956870305,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DqpAAD4GtyasEAABwKgKMsvoAFDxddP2AAAAAKACchDuyQAAAgQFtAQCCAoBON1cAAAAAAEDAwc="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1499346956870305,"flow_dst_last_pkt_time":1499346956870429,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346956870429,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy+g57n8P8XXT96AScSCD9QAAAgQFtAQCCAoD4q7TATjdXAEDAwc="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1499346956871216,"flow_dst_last_pkt_time":1499346956870429,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499346956871216,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DqtAAD4Gty2sEAABwKgKMsvoAFDxddP3Oe5\/EIAQAOUi\/QAAAQEICgE43VwD4q7T"}
-01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499346956870305,"flow_src_last_pkt_time":1499346956871220,"flow_dst_last_pkt_time":1499346956870429,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346956871220,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01373{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499346956870305,"flow_src_last_pkt_time":1499346956871220,"flow_dst_last_pkt_time":1499346956870429,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346956871220,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499346956932508,"flow_src_last_pkt_time":1499346956932508,"flow_dst_last_pkt_time":1499346956932508,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346956932508,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1499346956932508,"flow_dst_last_pkt_time":1499346956932508,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346956932508,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nj9AAD4GJ5GsEAABwKgKMsvqAFAHDkNUAAAAAKACchBpwwAAAgQFtAQCCAoBON1rAAAAAAEDAwc="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1499346956932508,"flow_dst_last_pkt_time":1499346956932573,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346956932573,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy+qiErzRBw5DVaAScSBY+QAAAgQFtAQCCAoD4q7iATjdawEDAwc="}
@@ -34,12 +34,12 @@
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1499346957283356,"flow_dst_last_pkt_time":1499346957283502,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346957283502,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy\/7+F1DJk3pVMKAScSDJ8AAAAgQFtAQCCAoD4q86ATjdwwEDAwc="}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1499346957284023,"flow_dst_last_pkt_time":1499346957283476,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499346957284023,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0F6xAAD4GriysEAABwKgKMsv8AFD6Ecppc0a7\/oAQAOWsxgAAAQEICgE43cMD4q86"}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1499346957284024,"flow_dst_last_pkt_time":1499346957283502,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499346957284024,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iO1AAD4GPOusEAABwKgKMsv+AFCTelUw\/hdQyoAQAOVo+AAAAQEICgE43cMD4q86"}
-02248{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":95,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1499346956870305,"flow_src_last_pkt_time":1499346960890984,"flow_dst_last_pkt_time":1499346960891254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":7926,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":13653,"midstream":0,"thread_ts_usec":1499346960891254,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":4,"avg":259407.4,"max":2805230,"stddev":698816.2,"var":488344092672.0,"ent":2.4,"data": [124,911,4,880,1546,2266,23623,26506,34185,32207,1143,1040,156,926,221,412,39847,69861,111250,1094,61600,62698,1083,842694,846614,3833,131682,132698,1100,2804194,2805230]},"pktlen": {"min":52,"avg":572.0,"max":7978,"stddev":1374.1,"var":1888110.0,"ent":3.4,"data": [60,60,52,361,52,564,52,394,1184,417,793,440,1500,7978,52,52,52,52,363,557,52,393,557,52,611,415,52,409,573,52,52,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1],"entropies": [4.638340950,5.106241703,4.916693211,5.861679077,4.916693211,5.770593166,4.916693211,5.961223125,7.451019764,5.951989651,7.265627861,5.935786247,7.624871254,7.963999748,4.906957626,4.908878326,4.945419312,4.868495941,5.956186771,5.832140923,4.983880997,5.975498676,5.839316845,4.945419312,5.879628181,5.695242882,4.945419312,5.977171898,5.846479416,4.976374149,5.053297043,4.945418835]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02402{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":95,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1499346956870305,"flow_src_last_pkt_time":1499346960890984,"flow_dst_last_pkt_time":1499346960891254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":7926,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":13653,"midstream":0,"thread_ts_usec":1499346960891254,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":4,"avg":259407.4,"max":2805230,"stddev":698816.2,"var":488344092672.0,"ent":2.4,"data": [124,911,4,880,1546,2266,23623,26506,34185,32207,1143,1040,156,926,221,412,39847,69861,111250,1094,61600,62698,1083,842694,846614,3833,131682,132698,1100,2804194,2805230]},"pktlen": {"min":52,"avg":572.0,"max":7978,"stddev":1374.1,"var":1888110.0,"ent":3.4,"data": [60,60,52,361,52,564,52,394,1184,417,793,440,1500,7978,52,52,52,52,363,557,52,393,557,52,611,415,52,409,573,52,52,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1],"entropies": [4.638340950,5.106241703,4.916693211,5.861679077,4.916693211,5.770593166,4.916693211,5.961223125,7.451019764,5.951989651,7.265627861,5.935786247,7.624871254,7.963999748,4.906957626,4.908878326,4.945419312,4.868495941,5.956186771,5.832140923,4.983880997,5.975498676,5.839316845,4.945419312,5.879628181,5.695242882,4.945419312,5.977171898,5.846479416,4.976374149,5.053297043,4.945418835]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499346976603214,"flow_src_last_pkt_time":1499346976603214,"flow_dst_last_pkt_time":1499346976603214,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346976603214,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1499346976603214,"flow_dst_last_pkt_time":1499346976603214,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346976603214,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Un9AAD4Gc1GsEAABwKgKMsxKAFAevqLeAAAAAKACchDe8gAAAgQFtAQCCAoBOPChAAAAAAEDAwc="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1499346976603214,"flow_dst_last_pkt_time":1499346976603366,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346976603366,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEoKnmxhHr6i36AScSCi1wAAAgQFtAQCCAoD4sIYATjwoQEDAwc="}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1499346976604135,"flow_dst_last_pkt_time":1499346976603366,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499346976604135,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UoBAAD4Gc1isEAABwKgKMsxKAFAevqLfCp5sYoAQAOVB3wAAAQEICgE48KED4sIY"}
-01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499346976603214,"flow_src_last_pkt_time":1499346976604139,"flow_dst_last_pkt_time":1499346976603366,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346976604139,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01374{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499346976603214,"flow_src_last_pkt_time":1499346976604139,"flow_dst_last_pkt_time":1499346976603366,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346976604139,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499346976677111,"flow_src_last_pkt_time":1499346976677111,"flow_dst_last_pkt_time":1499346976677111,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346976677111,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1499346976677111,"flow_dst_last_pkt_time":1499346976677111,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346976677111,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8I8VAAD4GogusEAABwKgKMsxMAFCAL9N2AAAAAKACchBM1QAAAgQFtAQCCAoBOPCzAAAAAAEDAwc="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1499346976677111,"flow_dst_last_pkt_time":1499346976677196,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346976677196,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEzfj2P1gC\/Td6AScSBEIgAAAgQFtAQCCAoD4sIqATjwswEDAwc="}
@@ -52,9 +52,9 @@
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1499346976999789,"flow_dst_last_pkt_time":1499346976999944,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346976999944,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzGAmGFC+ciJO0aAScSCizgAAAgQFtAQCCAoD4sJ7ATjxBAEDAwc="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1499346977000540,"flow_dst_last_pkt_time":1499346976999925,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499346977000540,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z5JAAD4GXkasEAABwKgKMsxeAFDFSpaWtwyVpoAQAOXRDgAAAQEICgE48QQD4sJ7"}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1499346977000543,"flow_dst_last_pkt_time":1499346976999944,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499346977000543,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0v9VAAD4GBgOsEAABwKgKMsxgAFByIk7RJhhQv4AQAOVB1gAAAQEICgE48QQD4sJ7"}
-02239{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":140,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1499346976603214,"flow_src_last_pkt_time":1499346977842457,"flow_dst_last_pkt_time":1499346977841725,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":2998,"flow_dst_tot_l4_payload_len":14938,"midstream":0,"thread_ts_usec":1499346977842457,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":4,"avg":79927.5,"max":856251,"stddev":206521.8,"var":42651250688.0,"ent":2.7,"data": [152,921,4,863,1492,2144,20680,25919,42487,6012,44423,1321,232,1259,67,51,1208,273,437,68644,70522,37847,60433,98253,1091,851698,856251,4579,109710,139259,29522]},"pktlen": {"min":52,"avg":613.0,"max":4396,"stddev":1050.3,"var":1103191.5,"ent":3.7,"data": [60,60,52,361,52,564,52,394,1186,52,417,793,52,440,4396,4396,738,52,52,52,363,557,52,393,557,52,611,415,52,435,1856,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0],"entropies": [4.605007648,5.060326576,4.878231525,5.859004021,4.825252533,5.712884426,4.916693211,5.889322281,7.407968998,4.930902481,5.868651867,7.247689247,4.853979111,5.863908291,7.905287266,7.943071842,7.650606155,4.892440796,4.930902481,4.839461803,5.855611324,5.816545963,4.830034733,5.891600132,5.824794292,4.815517426,5.864365101,5.691962719,4.894361496,5.912110329,7.768774033,4.961857319]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499346976677111,"flow_src_last_pkt_time":1499346977863501,"flow_dst_last_pkt_time":1499346976677196,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":364,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346977863501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/dvwa\/js\/dvwaPage.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
-01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499346976999785,"flow_src_last_pkt_time":1499346977870159,"flow_dst_last_pkt_time":1499346976999925,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346977870159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+02393{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":140,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1499346976603214,"flow_src_last_pkt_time":1499346977842457,"flow_dst_last_pkt_time":1499346977841725,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":2998,"flow_dst_tot_l4_payload_len":14938,"midstream":0,"thread_ts_usec":1499346977842457,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":4,"avg":79927.5,"max":856251,"stddev":206521.8,"var":42651250688.0,"ent":2.7,"data": [152,921,4,863,1492,2144,20680,25919,42487,6012,44423,1321,232,1259,67,51,1208,273,437,68644,70522,37847,60433,98253,1091,851698,856251,4579,109710,139259,29522]},"pktlen": {"min":52,"avg":613.0,"max":4396,"stddev":1050.3,"var":1103191.5,"ent":3.7,"data": [60,60,52,361,52,564,52,394,1186,52,417,793,52,440,4396,4396,738,52,52,52,363,557,52,393,557,52,611,415,52,435,1856,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0],"entropies": [4.605007648,5.060326576,4.878231525,5.859004021,4.825252533,5.712884426,4.916693211,5.889322281,7.407968998,4.930902481,5.868651867,7.247689247,4.853979111,5.863908291,7.905287266,7.943071842,7.650606155,4.892440796,4.930902481,4.839461803,5.855611324,5.816545963,4.830034733,5.891600132,5.824794292,4.815517426,5.864365101,5.691962719,4.894361496,5.912110329,7.768774033,4.961857319]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01372{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499346976677111,"flow_src_last_pkt_time":1499346977863501,"flow_dst_last_pkt_time":1499346976677196,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":364,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346977863501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/dvwa\/js\/dvwaPage.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01362{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499346976999785,"flow_src_last_pkt_time":1499346977870159,"flow_dst_last_pkt_time":1499346976999925,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346977870159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499346983175773,"flow_src_last_pkt_time":1499346983175773,"flow_dst_last_pkt_time":1499346983175773,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346983175773,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1499346983175773,"flow_dst_last_pkt_time":1499346983175773,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346983175773,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ikRAAD4GO4ysEAABwKgKMsyiAFBY531IAAAAAKACchDDnAAAAgQFtAQCCAoBOPcMAAAAAAEDAwc="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1499346983175773,"flow_dst_last_pkt_time":1499346983175921,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346983175921,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzKJurEWjWOd9SaAScSBDxgAAAgQFtAQCCAoD4siDATj3DAEDAwc="}
@@ -179,7 +179,7 @@
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1499347035750380,"flow_dst_last_pkt_time":1499347035750380,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347035750380,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OG5AAD4GjWKsEAABwKgKMs7KAFDI6hIKAAAAAKACchCJVwAAAgQFtAQCCAoBOSpkAAAAAAEDAwc="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1499347035750380,"flow_dst_last_pkt_time":1499347035750472,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347035750472,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzsrSHYegyOoSC6AScSAwugAAAgQFtAQCCAoD4vvbATkqZAEDAwc="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1499347035751288,"flow_dst_last_pkt_time":1499347035750472,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347035751288,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OG9AAD4GjWmsEAABwKgKMs7KAFDI6hIL0h2HoYAQAOXPwQAAAQEICgE5KmQD4vvb"}
-01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347033203906,"flow_src_last_pkt_time":1499347037012811,"flow_dst_last_pkt_time":1499347033204003,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347037012811,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01519{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347033203906,"flow_src_last_pkt_time":1499347037012811,"flow_dst_last_pkt_time":1499347033204003,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347037012811,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347038276528,"flow_src_last_pkt_time":1499347038276528,"flow_dst_last_pkt_time":1499347038276528,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347038276528,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1499347038276528,"flow_dst_last_pkt_time":1499347038276528,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347038276528,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83pNAAD4G5zysEAABwKgKMs7kAFBDY\/JIAAAAAKACchAsDwAAAgQFtAQCCAoBOSzbAAAAAAEDAwc="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1499347038276528,"flow_dst_last_pkt_time":1499347038276651,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347038276651,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzuS5pPWWQ2PySaAScSB7fQAAAgQFtAQCCAoD4v5SATks2wEDAwc="}
@@ -192,7 +192,7 @@
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1499347042150116,"flow_dst_last_pkt_time":1499347042150116,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347042150116,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8q1JAAD4GGn6sEAABwKgKMs8MAFB23Zv2AAAAAKACchBK9gAAAgQFtAQCCAoBOTCkAAAAAAEDAwc="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1499347042150116,"flow_dst_last_pkt_time":1499347042150244,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347042150244,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzwwb3aSHdt2b96AScSCFcgAAAgQFtAQCCAoD4wIbATkwpAEDAwc="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1499347042150994,"flow_dst_last_pkt_time":1499347042150244,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347042150994,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0q1NAAD4GGoWsEAABwKgKMs8MAFB23Zv3G92kiIAQAOUkegAAAQEICgE5MKQD4wIb"}
-02385{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":665,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347033203906,"flow_src_last_pkt_time":1499347043160870,"flow_dst_last_pkt_time":1499347042153970,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16418,"midstream":0,"thread_ts_usec":1499347043160870,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":97,"avg":609904.1,"max":3808906,"stddev":940979.2,"var":885441822720.0,"ent":3.7,"data": [97,845,3808060,3808906,3088,3867,1010444,1014181,3805,246952,250608,3613,1037920,1041646,3765,265406,269174,3736,1020088,1024520,4409,240929,244611,3693,1033112,1036761,3674,252788,256472,3667,1006191]},"pktlen": {"min":52,"avg":716.8,"max":1921,"stddev":755.7,"var":571022.9,"ent":4.2,"data": [60,60,52,637,52,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1918,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.481729507,5.039574623,4.844108105,6.027367115,4.861793995,7.775769711,4.938717365,5.904430389,7.740994930,4.900255680,6.023871899,7.767442703,4.900255680,5.872165680,7.741530418,4.938717365,6.025243759,7.782982349,4.938717365,5.858062744,7.742496490,4.736229897,5.995160103,7.771011829,4.683251381,5.862007141,7.737675190,4.786791325,6.021321297,7.770700932,4.861794472,5.879370689]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02539{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":665,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347033203906,"flow_src_last_pkt_time":1499347043160870,"flow_dst_last_pkt_time":1499347042153970,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16418,"midstream":0,"thread_ts_usec":1499347043160870,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":97,"avg":609904.1,"max":3808906,"stddev":940979.2,"var":885441822720.0,"ent":3.7,"data": [97,845,3808060,3808906,3088,3867,1010444,1014181,3805,246952,250608,3613,1037920,1041646,3765,265406,269174,3736,1020088,1024520,4409,240929,244611,3693,1033112,1036761,3674,252788,256472,3667,1006191]},"pktlen": {"min":52,"avg":716.8,"max":1921,"stddev":755.7,"var":571022.9,"ent":4.2,"data": [60,60,52,637,52,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1918,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.481729507,5.039574623,4.844108105,6.027367115,4.861793995,7.775769711,4.938717365,5.904430389,7.740994930,4.900255680,6.023871899,7.767442703,4.900255680,5.872165680,7.741530418,4.938717365,6.025243759,7.782982349,4.938717365,5.858062744,7.742496490,4.736229897,5.995160103,7.771011829,4.683251381,5.862007141,7.737675190,4.786791325,6.021321297,7.770700932,4.861794472,5.879370689]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347043416905,"flow_src_last_pkt_time":1499347043416905,"flow_dst_last_pkt_time":1499347043416905,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347043416905,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1499347043416905,"flow_dst_last_pkt_time":1499347043416905,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347043416905,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8okxAAD4GI4SsEAABwKgKMs8aAFDJVZOtAAAAAKACchD\/ewAAAgQFtAQCCAoBOTHhAAAAAAEDAwc="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1499347043416905,"flow_dst_last_pkt_time":1499347043417034,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347043417034,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzxosqk4zyVWTrqAScSB+QwAAAgQFtAQCCAoD4wNXATkx4QEDAwc="}
@@ -249,12 +249,12 @@
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1499347066560105,"flow_dst_last_pkt_time":1499347066560105,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347066560105,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zkNAAD4G94ysEAABwKgKMtAMAFBP5YY5AAAAAKACchBu1QAAAgQFtAQCCAoBOUh6AAAAAAEDAwc="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1499347066560105,"flow_dst_last_pkt_time":1499347066560228,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347066560228,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Ax\/i5rPT+WGOqAScSA3hQAAAgQFtAQCCAoD4xnxATlIegEDAwc="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1499347066560976,"flow_dst_last_pkt_time":1499347066560228,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347066560976,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zkRAAD4G95OsEAABwKgKMtAMAFBP5YY6f4ua0IAQAOXWiwAAAQEICgE5SHsD4xnx"}
-01034{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1499346935283859,"flow_src_last_pkt_time":1499346941359819,"flow_dst_last_pkt_time":1499346941359853,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":7240,"flow_src_tot_l4_payload_len":2615,"flow_dst_tot_l4_payload_len":13133,"midstream":0,"thread_ts_usec":1499347068629839,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00890{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346935343132,"flow_src_last_pkt_time":1499346941289652,"flow_dst_last_pkt_time":1499346941289143,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347068629839,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01188{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1499346935283859,"flow_src_last_pkt_time":1499346941359819,"flow_dst_last_pkt_time":1499346941359853,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":7240,"flow_src_tot_l4_payload_len":2615,"flow_dst_tot_l4_payload_len":13133,"midstream":0,"thread_ts_usec":1499347068629839,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346935343132,"flow_src_last_pkt_time":1499346941289652,"flow_dst_last_pkt_time":1499346941289143,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347068629839,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00756{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346935343132,"flow_src_last_pkt_time":1499346941289652,"flow_dst_last_pkt_time":1499346941289143,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347068629839,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00890{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346935650305,"flow_src_last_pkt_time":1499346941289658,"flow_dst_last_pkt_time":1499346941289074,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347068629839,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346935650305,"flow_src_last_pkt_time":1499346941289658,"flow_dst_last_pkt_time":1499346941289074,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347068629839,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00756{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346935650305,"flow_src_last_pkt_time":1499346941289658,"flow_dst_last_pkt_time":1499346941289074,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347068629839,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00890{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346935650400,"flow_src_last_pkt_time":1499346941289604,"flow_dst_last_pkt_time":1499346941289065,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347068629839,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346935650400,"flow_src_last_pkt_time":1499346941289604,"flow_dst_last_pkt_time":1499346941289065,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347068629839,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00756{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346935650400,"flow_src_last_pkt_time":1499346941289604,"flow_dst_last_pkt_time":1499346941289065,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347068629839,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347069146742,"flow_src_last_pkt_time":1499347069146742,"flow_dst_last_pkt_time":1499347069146742,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347069146742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1499347069146742,"flow_dst_last_pkt_time":1499347069146742,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347069146742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8xkJAAD4G\/42sEAABwKgKMtAmAFBk4I1DAAAAAKACchBQLwAAAgQFtAQCCAoBOUsBAAAAAAEDAwc="}
@@ -308,12 +308,12 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1499347088552811,"flow_dst_last_pkt_time":1499347088552811,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347088552811,"pkt":"ABm5CmnxAMGxFOsxCABFAAA892FAAD4Gzm6sEAABwKgKMtDyAFAECKqUAAAAAKACchB\/9gAAAgQFtAQCCAoBOV31AAAAAAEDAwc="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1499347088552811,"flow_dst_last_pkt_time":1499347088552900,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347088552900,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0PJdbGlkBAiqlaAScSCGtgAAAgQFtAQCCAoD4y9rATld9QEDAwc="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1499347088553690,"flow_dst_last_pkt_time":1499347088552900,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347088553690,"pkt":"ABm5CmnxAMGxFOsxCABFAAA092JAAD4GznWsEAABwKgKMtDyAFAECKqVXWxpZYAQAOUlvgAAAQEICgE5XfUD4y9r"}
-01035{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":12,"flow_first_seen":1499346956870305,"flow_src_last_pkt_time":1499346960891795,"flow_dst_last_pkt_time":1499346960891254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":7926,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":13653,"midstream":0,"thread_ts_usec":1499347088637124,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00891{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346956932508,"flow_src_last_pkt_time":1499346960891762,"flow_dst_last_pkt_time":1499346960891224,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347088637124,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01189{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":12,"flow_first_seen":1499346956870305,"flow_src_last_pkt_time":1499346960891795,"flow_dst_last_pkt_time":1499346960891254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":7926,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":13653,"midstream":0,"thread_ts_usec":1499347088637124,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346956932508,"flow_src_last_pkt_time":1499346960891762,"flow_dst_last_pkt_time":1499346960891224,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347088637124,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00757{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346956932508,"flow_src_last_pkt_time":1499346960891762,"flow_dst_last_pkt_time":1499346960891224,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347088637124,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00891{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346957283336,"flow_src_last_pkt_time":1499346960891727,"flow_dst_last_pkt_time":1499346960891163,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347088637124,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346957283336,"flow_src_last_pkt_time":1499346960891727,"flow_dst_last_pkt_time":1499346960891163,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347088637124,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00757{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346957283336,"flow_src_last_pkt_time":1499346960891727,"flow_dst_last_pkt_time":1499346960891163,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347088637124,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00891{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346957283356,"flow_src_last_pkt_time":1499346960891727,"flow_dst_last_pkt_time":1499346960891160,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347088637124,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346957283356,"flow_src_last_pkt_time":1499346960891727,"flow_dst_last_pkt_time":1499346960891160,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347088637124,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00757{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346957283356,"flow_src_last_pkt_time":1499346960891727,"flow_dst_last_pkt_time":1499346960891160,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347088637124,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347091102802,"flow_src_last_pkt_time":1499347091102802,"flow_dst_last_pkt_time":1499347091102802,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347091102802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1499347091102802,"flow_dst_last_pkt_time":1499347091102802,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347091102802,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uhVAAD4GC7usEAABwKgKMtEMAFDkONpnAAAAAKACchBtWwAAAgQFtAQCCAoBOWByAAAAAAEDAwc="}
@@ -343,7 +343,7 @@
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1499347101314377,"flow_dst_last_pkt_time":1499347101314377,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347101314377,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HlBAAD4Gp4CsEAABwKgKMtF4AFDPTHQ7AAAAAKACchDeDgAAAgQFtAQCCAoBOWprAAAAAAEDAwc="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_src_last_pkt_time":1499347101314377,"flow_dst_last_pkt_time":1499347101314516,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347101314516,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0XjCGItuz0x0PKAScSBRoQAAAgQFtAQCCAoD4zviATlqawEDAwc="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_src_last_pkt_time":1499347101315270,"flow_dst_last_pkt_time":1499347101314516,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347101315270,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HlFAAD4Gp4esEAABwKgKMtF4AFDPTHQ8whiLb4AQAOXwqAAAAQEICgE5amsD4zvi"}
-01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347097460010,"flow_src_last_pkt_time":1499347102358512,"flow_dst_last_pkt_time":1499347097460137,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347102358512,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01376{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347097460010,"flow_src_last_pkt_time":1499347102358512,"flow_dst_last_pkt_time":1499347097460137,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347102358512,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347102609708,"flow_src_last_pkt_time":1499347102609708,"flow_dst_last_pkt_time":1499347102609708,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347102609708,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1499347102609708,"flow_dst_last_pkt_time":1499347102609708,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347102609708,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ux5AAD4GCrKsEAABwKgKMtGGAFBKzdCxAAAAAKACchAExgAAAgQFtAQCCAoBOWuvAAAAAAEDAwc="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1499347102609708,"flow_dst_last_pkt_time":1499347102609833,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347102609833,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0YYGn50FSs3QsqAScSAg+AAAAgQFtAQCCAoD4z0lATlrrwEDAwc="}
@@ -360,12 +360,12 @@
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1499347107719375,"flow_dst_last_pkt_time":1499347107719375,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347107719375,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GMdAAD4GrQmsEAABwKgKMtG8AFANSWhrAAAAAKACchClXQAAAgQFtAQCCAoBOXCsAAAAAAEDAwc="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1499347107719375,"flow_dst_last_pkt_time":1499347107719520,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347107719520,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0byrN2AMDUlobKAScSBU8gAAAgQFtAQCCAoD40IjATlwrAEDAwc="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_src_last_pkt_time":1499347107720082,"flow_dst_last_pkt_time":1499347107719520,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347107720082,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GMhAAD4GrRCsEAABwKgKMtG8AFANSWhsqzdgDYAQAOXz+AAAAQEICgE5cK0D40Ij"}
-02293{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1198,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347097460010,"flow_src_last_pkt_time":1499347107720768,"flow_dst_last_pkt_time":1499347107453968,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16319,"midstream":0,"thread_ts_usec":1499347107720768,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":127,"avg":653377.9,"max":4898512,"stddev":1185987.6,"var":1406566662144.0,"ent":3.5,"data": [127,684,4897818,4898512,8582,9379,243178,246717,3562,1041173,1044833,3840,241167,245261,3969,1005489,1009493,3958,240995,244588,3615,1008862,1012541,3693,268328,273700,5337,1005565,1009604,4099,266047]},"pktlen": {"min":52,"avg":713.7,"max":1920,"stddev":750.9,"var":563862.5,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.605007172,5.106241703,4.892748356,5.892271042,4.892748356,7.736833572,4.861793995,6.022665024,7.761230469,4.983880997,5.891326904,7.737265587,4.868495941,6.024899483,7.792784691,4.945419312,5.879211426,7.737951756,4.945419312,6.019626617,7.772718906,4.906957626,5.895821571,7.739050388,4.853979111,6.015067101,7.782599449,4.906957626,5.886952400,7.740243912,4.870416641,6.043610573]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01032{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1499346976677111,"flow_src_last_pkt_time":1499346982914483,"flow_dst_last_pkt_time":1499346982914560,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":5330,"flow_src_tot_l4_payload_len":759,"flow_dst_tot_l4_payload_len":6093,"midstream":0,"thread_ts_usec":1499347109003737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01032{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1499346976999785,"flow_src_last_pkt_time":1499346982906448,"flow_dst_last_pkt_time":1499346982906527,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1707,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":1707,"midstream":0,"thread_ts_usec":1499347109003737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346976999789,"flow_src_last_pkt_time":1499346982607912,"flow_dst_last_pkt_time":1499346982607149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347109003737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+02447{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1198,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347097460010,"flow_src_last_pkt_time":1499347107720768,"flow_dst_last_pkt_time":1499347107453968,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16319,"midstream":0,"thread_ts_usec":1499347107720768,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":127,"avg":653377.9,"max":4898512,"stddev":1185987.6,"var":1406566662144.0,"ent":3.5,"data": [127,684,4897818,4898512,8582,9379,243178,246717,3562,1041173,1044833,3840,241167,245261,3969,1005489,1009493,3958,240995,244588,3615,1008862,1012541,3693,268328,273700,5337,1005565,1009604,4099,266047]},"pktlen": {"min":52,"avg":713.7,"max":1920,"stddev":750.9,"var":563862.5,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.605007172,5.106241703,4.892748356,5.892271042,4.892748356,7.736833572,4.861793995,6.022665024,7.761230469,4.983880997,5.891326904,7.737265587,4.868495941,6.024899483,7.792784691,4.945419312,5.879211426,7.737951756,4.945419312,6.019626617,7.772718906,4.906957626,5.895821571,7.739050388,4.853979111,6.015067101,7.782599449,4.906957626,5.886952400,7.740243912,4.870416641,6.043610573]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01186{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1499346976677111,"flow_src_last_pkt_time":1499346982914483,"flow_dst_last_pkt_time":1499346982914560,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":5330,"flow_src_tot_l4_payload_len":759,"flow_dst_tot_l4_payload_len":6093,"midstream":0,"thread_ts_usec":1499347109003737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01186{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1499346976999785,"flow_src_last_pkt_time":1499346982906448,"flow_dst_last_pkt_time":1499346982906527,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1707,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":1707,"midstream":0,"thread_ts_usec":1499347109003737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346976999789,"flow_src_last_pkt_time":1499346982607912,"flow_dst_last_pkt_time":1499346982607149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347109003737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346976999789,"flow_src_last_pkt_time":1499346982607912,"flow_dst_last_pkt_time":1499346982607149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347109003737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346983175773,"flow_src_last_pkt_time":1499346988608499,"flow_dst_last_pkt_time":1499346988607740,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347109003737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346983175773,"flow_src_last_pkt_time":1499346988608499,"flow_dst_last_pkt_time":1499346988607740,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347109003737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346983175773,"flow_src_last_pkt_time":1499346988608499,"flow_dst_last_pkt_time":1499346988607740,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347109003737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347110266521,"flow_src_last_pkt_time":1499347110266521,"flow_dst_last_pkt_time":1499347110266521,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347110266521,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1499347110266521,"flow_dst_last_pkt_time":1499347110266521,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347110266521,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u39AAD4GClGsEAABwKgKMtHWAFDeH8hWAAAAAKACchByBAAAAgQFtAQCCAoBOXMpAAAAAAEDAwc="}
@@ -391,17 +391,17 @@
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1499347119336171,"flow_dst_last_pkt_time":1499347119336171,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347119336171,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AVBAAD4GxICsEAABwKgKMtI0AFAiVX1VAAAAAKACchBvlgAAAgQFtAQCCAoBOXwFAAAAAAEDAwc="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_src_last_pkt_time":1499347119336171,"flow_dst_last_pkt_time":1499347119336294,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347119336294,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0jRzeBsiIlV9VqAScSCQfAAAAgQFtAQCCAoD4017ATl8BQEDAwc="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_src_last_pkt_time":1499347119336977,"flow_dst_last_pkt_time":1499347119336294,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347119336977,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AVFAAD4GxIesEAABwKgKMtI0AFAiVX1Wc3gbI4AQAOUvhAAAAQEICgE5fAUD4017"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346984469275,"flow_src_last_pkt_time":1499346989608803,"flow_dst_last_pkt_time":1499346989608240,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346984469275,"flow_src_last_pkt_time":1499346989608803,"flow_dst_last_pkt_time":1499346989608240,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346984469275,"flow_src_last_pkt_time":1499346989608803,"flow_dst_last_pkt_time":1499346989608240,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499346985762027,"flow_src_last_pkt_time":1499346991610503,"flow_dst_last_pkt_time":1499346991609919,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499346985762027,"flow_src_last_pkt_time":1499346991610503,"flow_dst_last_pkt_time":1499346991609919,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499346985762027,"flow_src_last_pkt_time":1499346991610503,"flow_dst_last_pkt_time":1499346991609919,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346988319151,"flow_src_last_pkt_time":1499346993610291,"flow_dst_last_pkt_time":1499346993609545,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346988319151,"flow_src_last_pkt_time":1499346993610291,"flow_dst_last_pkt_time":1499346993609545,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346988319151,"flow_src_last_pkt_time":1499346993610291,"flow_dst_last_pkt_time":1499346993609545,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346989580719,"flow_src_last_pkt_time":1499346994610271,"flow_dst_last_pkt_time":1499346994609531,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346989580719,"flow_src_last_pkt_time":1499346994610271,"flow_dst_last_pkt_time":1499346994609531,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346989580719,"flow_src_last_pkt_time":1499346994610271,"flow_dst_last_pkt_time":1499346994609531,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346992144682,"flow_src_last_pkt_time":1499346997611137,"flow_dst_last_pkt_time":1499346997610395,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346992144682,"flow_src_last_pkt_time":1499346997611137,"flow_dst_last_pkt_time":1499346997610395,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346992144682,"flow_src_last_pkt_time":1499346997611137,"flow_dst_last_pkt_time":1499346997610395,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346993434942,"flow_src_last_pkt_time":1499346998611455,"flow_dst_last_pkt_time":1499346998610674,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346993434942,"flow_src_last_pkt_time":1499346998611455,"flow_dst_last_pkt_time":1499346998610674,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346993434942,"flow_src_last_pkt_time":1499346998611455,"flow_dst_last_pkt_time":1499346998610674,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347119643530,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347120603108,"flow_src_last_pkt_time":1499347120603108,"flow_dst_last_pkt_time":1499347120603108,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347120603108,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_src_last_pkt_time":1499347120603108,"flow_dst_last_pkt_time":1499347120603108,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347120603108,"pkt":"ABm5CmnxAMGxFOsxCABFAAA815JAAD4G7j2sEAABwKgKMtJCAFDFAarTAAAAAKACchCeIQAAAgQFtAQCCAoBOX1BAAAAAAEDAwc="}
@@ -427,17 +427,17 @@
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_src_last_pkt_time":1499347129584423,"flow_dst_last_pkt_time":1499347129584423,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347129584423,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rtVAAD4GFvusEAABwKgKMtKgAFDfKCjSAAAAAKACchD81wAAAgQFtAQCCAoBOYYHAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_src_last_pkt_time":1499347129584423,"flow_dst_last_pkt_time":1499347129584518,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347129584518,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0qA\/BA1B3ygo06AScSBWEQAAAgQFtAQCCAoD41d9ATmGBwEDAwc="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_src_last_pkt_time":1499347129585134,"flow_dst_last_pkt_time":1499347129584518,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347129585134,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rtZAAD4GFwKsEAABwKgKMtKgAFDfKCjTPwQNQoAQAOX1GAAAAQEICgE5hgcD41d9"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346994731477,"flow_src_last_pkt_time":1499347000612186,"flow_dst_last_pkt_time":1499347000611437,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346994731477,"flow_src_last_pkt_time":1499347000612186,"flow_dst_last_pkt_time":1499347000611437,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346994731477,"flow_src_last_pkt_time":1499347000612186,"flow_dst_last_pkt_time":1499347000611437,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346997314764,"flow_src_last_pkt_time":1499347002612432,"flow_dst_last_pkt_time":1499347002611661,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346997314764,"flow_src_last_pkt_time":1499347002612432,"flow_dst_last_pkt_time":1499347002611661,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346997314764,"flow_src_last_pkt_time":1499347002612432,"flow_dst_last_pkt_time":1499347002611661,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346998578995,"flow_src_last_pkt_time":1499347003612532,"flow_dst_last_pkt_time":1499347003611745,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346998578995,"flow_src_last_pkt_time":1499347003612532,"flow_dst_last_pkt_time":1499347003611745,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499346998578995,"flow_src_last_pkt_time":1499347003612532,"flow_dst_last_pkt_time":1499347003611745,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347001111123,"flow_src_last_pkt_time":1499347006612841,"flow_dst_last_pkt_time":1499347006612057,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347001111123,"flow_src_last_pkt_time":1499347006612841,"flow_dst_last_pkt_time":1499347006612057,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347001111123,"flow_src_last_pkt_time":1499347006612841,"flow_dst_last_pkt_time":1499347006612057,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347002399632,"flow_src_last_pkt_time":1499347007612999,"flow_dst_last_pkt_time":1499347007612264,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347002399632,"flow_src_last_pkt_time":1499347007612999,"flow_dst_last_pkt_time":1499347007612264,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347002399632,"flow_src_last_pkt_time":1499347007612999,"flow_dst_last_pkt_time":1499347007612264,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347003695813,"flow_src_last_pkt_time":1499347009612559,"flow_dst_last_pkt_time":1499347009612008,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347003695813,"flow_src_last_pkt_time":1499347009612559,"flow_dst_last_pkt_time":1499347009612008,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347003695813,"flow_src_last_pkt_time":1499347009612559,"flow_dst_last_pkt_time":1499347009612008,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347129648491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347132137846,"flow_src_last_pkt_time":1499347132137846,"flow_dst_last_pkt_time":1499347132137846,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347132137846,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_src_last_pkt_time":1499347132137846,"flow_dst_last_pkt_time":1499347132137846,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347132137846,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pedAAD4GH+msEAABwKgKMtK6AFAZEC1iAAAAAKACchC7yAAAAgQFtAQCCAoBOYiFAAAAAAEDAwc="}
@@ -459,15 +459,15 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":1499347138552350,"flow_dst_last_pkt_time":1499347138552350,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347138552350,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8erdAAD4GSxmsEAABwKgKMtL+AFByz\/R+AAAAAKACchCUZAAAAgQFtAQCCAoBOY7JAAAAAAEDAwc="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_src_last_pkt_time":1499347138552350,"flow_dst_last_pkt_time":1499347138552477,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347138552477,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0v61vhLmcs\/0f6AScSBofAAAAgQFtAQCCAoD42A\/ATmOyQEDAwc="}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_src_last_pkt_time":1499347138553246,"flow_dst_last_pkt_time":1499347138552477,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347138553246,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0erhAAD4GSyCsEAABwKgKMtL+AFByz\/R\/tb4S54AQAOUHhAAAAQEICgE5jskD42A\/"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347006233648,"flow_src_last_pkt_time":1499347011612983,"flow_dst_last_pkt_time":1499347011612442,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347006233648,"flow_src_last_pkt_time":1499347011612983,"flow_dst_last_pkt_time":1499347011612442,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347006233648,"flow_src_last_pkt_time":1499347011612983,"flow_dst_last_pkt_time":1499347011612442,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347007496086,"flow_src_last_pkt_time":1499347012613369,"flow_dst_last_pkt_time":1499347012612612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347007496086,"flow_src_last_pkt_time":1499347012613369,"flow_dst_last_pkt_time":1499347012612612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347007496086,"flow_src_last_pkt_time":1499347012613369,"flow_dst_last_pkt_time":1499347012612612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347010080677,"flow_src_last_pkt_time":1499347015613673,"flow_dst_last_pkt_time":1499347015612917,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347010080677,"flow_src_last_pkt_time":1499347015613673,"flow_dst_last_pkt_time":1499347015612917,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347010080677,"flow_src_last_pkt_time":1499347015613673,"flow_dst_last_pkt_time":1499347015612917,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347011349958,"flow_src_last_pkt_time":1499347016613864,"flow_dst_last_pkt_time":1499347016613152,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347011349958,"flow_src_last_pkt_time":1499347016613864,"flow_dst_last_pkt_time":1499347016613152,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347011349958,"flow_src_last_pkt_time":1499347016613864,"flow_dst_last_pkt_time":1499347016613152,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347012617694,"flow_src_last_pkt_time":1499347018613813,"flow_dst_last_pkt_time":1499347018613278,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347012617694,"flow_src_last_pkt_time":1499347018613813,"flow_dst_last_pkt_time":1499347018613278,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347012617694,"flow_src_last_pkt_time":1499347018613813,"flow_dst_last_pkt_time":1499347018613278,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347139829616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347141111431,"flow_src_last_pkt_time":1499347141111431,"flow_dst_last_pkt_time":1499347141111431,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347141111431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_src_last_pkt_time":1499347141111431,"flow_dst_last_pkt_time":1499347141111431,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347141111431,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OEpAAD4GjYasEAABwKgKMtMYAFBIRqkCAAAAAKACchAH0QAAAgQFtAQCCAoBOZFIAAAAAAEDAwc="}
@@ -493,17 +493,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":1499347150236857,"flow_dst_last_pkt_time":1499347150236857,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347150236857,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ESlAAD4GtKesEAABwKgKMtN2AFB3vosbAAAAAKACchDs9wAAAgQFtAQCCAoBOZoyAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1533,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_src_last_pkt_time":1499347150236857,"flow_dst_last_pkt_time":1499347150236950,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347150236950,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ03aiL1kKd76LHKAScSCDEQAAAgQFtAQCCAoD42uoATmaMgEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1534,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1499347150237732,"flow_dst_last_pkt_time":1499347150236950,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347150237732,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ESpAAD4GtK6sEAABwKgKMtN2AFB3voscoi9ZC4AQAOUiGQAAAQEICgE5mjID42uo"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347024196279,"flow_src_last_pkt_time":1499347029616275,"flow_dst_last_pkt_time":1499347029615745,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347024196279,"flow_src_last_pkt_time":1499347029616275,"flow_dst_last_pkt_time":1499347029615745,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347024196279,"flow_src_last_pkt_time":1499347029616275,"flow_dst_last_pkt_time":1499347029615745,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347015165463,"flow_src_last_pkt_time":1499347020614237,"flow_dst_last_pkt_time":1499347020613531,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347015165463,"flow_src_last_pkt_time":1499347020614237,"flow_dst_last_pkt_time":1499347020613531,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347015165463,"flow_src_last_pkt_time":1499347020614237,"flow_dst_last_pkt_time":1499347020613531,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347016455176,"flow_src_last_pkt_time":1499347021614454,"flow_dst_last_pkt_time":1499347021613682,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347016455176,"flow_src_last_pkt_time":1499347021614454,"flow_dst_last_pkt_time":1499347021613682,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347016455176,"flow_src_last_pkt_time":1499347021614454,"flow_dst_last_pkt_time":1499347021613682,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347017745608,"flow_src_last_pkt_time":1499347023616194,"flow_dst_last_pkt_time":1499347023615466,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347017745608,"flow_src_last_pkt_time":1499347023616194,"flow_dst_last_pkt_time":1499347023615466,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347017745608,"flow_src_last_pkt_time":1499347023616194,"flow_dst_last_pkt_time":1499347023615466,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347020329829,"flow_src_last_pkt_time":1499347025616173,"flow_dst_last_pkt_time":1499347025615446,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347020329829,"flow_src_last_pkt_time":1499347025616173,"flow_dst_last_pkt_time":1499347025615446,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347020329829,"flow_src_last_pkt_time":1499347025616173,"flow_dst_last_pkt_time":1499347025615446,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347021621411,"flow_src_last_pkt_time":1499347027616437,"flow_dst_last_pkt_time":1499347027615698,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347021621411,"flow_src_last_pkt_time":1499347027616437,"flow_dst_last_pkt_time":1499347027615698,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347021621411,"flow_src_last_pkt_time":1499347027616437,"flow_dst_last_pkt_time":1499347027615698,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347151520310,"flow_src_last_pkt_time":1499347151520310,"flow_dst_last_pkt_time":1499347151520310,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347151520310,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1499347151520310,"flow_dst_last_pkt_time":1499347151520310,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347151520310,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82ilAAD4G66asEAABwKgKMtOEAFDVpkFaAAAAAKACchDXgQAAAgQFtAQCCAoBOZtzAAAAAAEDAwc="}
@@ -529,17 +529,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1499347160581668,"flow_dst_last_pkt_time":1499347160581668,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347160581668,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eT9AAD4GTJGsEAABwKgKMtPiAFBG+91zAAAAAKACchDA3AAAAgQFtAQCCAoBOaRMAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_src_last_pkt_time":1499347160581668,"flow_dst_last_pkt_time":1499347160581793,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347160581793,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0+J0ull0RvvddKAScSB55wAAAgQFtAQCCAoD43XCATmkTAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_src_last_pkt_time":1499347160582546,"flow_dst_last_pkt_time":1499347160581793,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347160582546,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eUBAAD4GTJisEAABwKgKMtPiAFBG+910dLpZdYAQAOUY7wAAAQEICgE5pEwD43XC"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347025509874,"flow_src_last_pkt_time":1499347030616511,"flow_dst_last_pkt_time":1499347030615759,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347025509874,"flow_src_last_pkt_time":1499347030616511,"flow_dst_last_pkt_time":1499347030615759,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347025509874,"flow_src_last_pkt_time":1499347030616511,"flow_dst_last_pkt_time":1499347030615759,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347028086164,"flow_src_last_pkt_time":1499347033617025,"flow_dst_last_pkt_time":1499347033616280,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347028086164,"flow_src_last_pkt_time":1499347033617025,"flow_dst_last_pkt_time":1499347033616280,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347028086164,"flow_src_last_pkt_time":1499347033617025,"flow_dst_last_pkt_time":1499347033616280,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347029372309,"flow_src_last_pkt_time":1499347034616916,"flow_dst_last_pkt_time":1499347034616143,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347029372309,"flow_src_last_pkt_time":1499347034616916,"flow_dst_last_pkt_time":1499347034616143,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347029372309,"flow_src_last_pkt_time":1499347034616916,"flow_dst_last_pkt_time":1499347034616143,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347030639342,"flow_src_last_pkt_time":1499347036617620,"flow_dst_last_pkt_time":1499347036616905,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347030639342,"flow_src_last_pkt_time":1499347036617620,"flow_dst_last_pkt_time":1499347036616905,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347030639342,"flow_src_last_pkt_time":1499347036617620,"flow_dst_last_pkt_time":1499347036616905,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347034467270,"flow_src_last_pkt_time":1499347039618164,"flow_dst_last_pkt_time":1499347039617602,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347034467270,"flow_src_last_pkt_time":1499347039618164,"flow_dst_last_pkt_time":1499347039617602,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347034467270,"flow_src_last_pkt_time":1499347039618164,"flow_dst_last_pkt_time":1499347039617602,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-01039{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":208,"flow_dst_packets_processed":107,"flow_first_seen":1499346976603214,"flow_src_last_pkt_time":1499347036773535,"flow_dst_last_pkt_time":1499347036773581,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":47903,"flow_dst_tot_l4_payload_len":183657,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01193{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":208,"flow_dst_packets_processed":107,"flow_first_seen":1499346976603214,"flow_src_last_pkt_time":1499347036773535,"flow_dst_last_pkt_time":1499347036773581,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":47903,"flow_dst_tot_l4_payload_len":183657,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347163177633,"flow_src_last_pkt_time":1499347163177633,"flow_dst_last_pkt_time":1499347163177633,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347163177633,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_src_last_pkt_time":1499347163177633,"flow_dst_last_pkt_time":1499347163177633,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347163177633,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YKVAAD4GZSusEAABwKgKMtP8AFCcucZwAAAAAKACchB\/fgAAAgQFtAQCCAoBOabVAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_src_last_pkt_time":1499347163177633,"flow_dst_last_pkt_time":1499347163177740,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347163177740,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0\/zGVu0LnLnGcaAScSBQzAAAAgQFtAQCCAoD43hLATmm1QEDAwc="}
@@ -552,7 +552,7 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_src_last_pkt_time":1499347165741193,"flow_dst_last_pkt_time":1499347165741193,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347165741193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vRVAAD4GCLusEAABwKgKMtQYAFCo9hRDAAAAAKACchAi0gAAAgQFtAQCCAoBOalWAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_src_last_pkt_time":1499347165741193,"flow_dst_last_pkt_time":1499347165741317,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347165741317,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1BjYjd6VqPYURKAScSDt3QAAAgQFtAQCCAoD43rMATmpVgEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_src_last_pkt_time":1499347165742065,"flow_dst_last_pkt_time":1499347165741317,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347165742065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vRZAAD4GCMKsEAABwKgKMtQYAFCo9hRE2I3eloAQAOWM5QAAAQEICgE5qVYD43rM"}
-01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347163177633,"flow_src_last_pkt_time":1499347167004883,"flow_dst_last_pkt_time":1499347163177740,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347167004883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347163177633,"flow_src_last_pkt_time":1499347167004883,"flow_dst_last_pkt_time":1499347163177740,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347167004883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347168302582,"flow_src_last_pkt_time":1499347168302582,"flow_dst_last_pkt_time":1499347168302582,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347168302582,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_src_last_pkt_time":1499347168302582,"flow_dst_last_pkt_time":1499347168302582,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347168302582,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pdZAAD4GH\/qsEAABwKgKMtQyAFAP+Q4AAAAAAKACchC\/eAAAAgQFtAQCCAoBOavWAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_src_last_pkt_time":1499347168302582,"flow_dst_last_pkt_time":1499347168302748,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347168302748,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1DJusJVZD\/kOAaAScSA7HQAAAgQFtAQCCAoD431NATmr1gEDAwc="}
@@ -561,23 +561,23 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_src_last_pkt_time":1499347169573975,"flow_dst_last_pkt_time":1499347169573975,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347169573975,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83TtAAD4G6JSsEAABwKgKMtRAAFDvZ3AvAAAAAKACchB8jgAAAgQFtAQCCAoBOa0UAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_src_last_pkt_time":1499347169573975,"flow_dst_last_pkt_time":1499347169574068,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347169574068,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1EA8SVzP72dwMKAScSBh5gAAAgQFtAQCCAoD436LATmtFAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":3,"flow_src_last_pkt_time":1499347169574858,"flow_dst_last_pkt_time":1499347169574068,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347169574858,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03TxAAD4G6JusEAABwKgKMtRAAFDvZ3AwPElc0IAQAOUA7gAAAQEICgE5rRQD436L"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347035750380,"flow_src_last_pkt_time":1499347041619465,"flow_dst_last_pkt_time":1499347041618698,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347035750380,"flow_src_last_pkt_time":1499347041619465,"flow_dst_last_pkt_time":1499347041618698,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347035750380,"flow_src_last_pkt_time":1499347041619465,"flow_dst_last_pkt_time":1499347041618698,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347038276528,"flow_src_last_pkt_time":1499347043619404,"flow_dst_last_pkt_time":1499347043618673,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347038276528,"flow_src_last_pkt_time":1499347043619404,"flow_dst_last_pkt_time":1499347043618673,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347038276528,"flow_src_last_pkt_time":1499347043619404,"flow_dst_last_pkt_time":1499347043618673,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347039587218,"flow_src_last_pkt_time":1499347044619476,"flow_dst_last_pkt_time":1499347044618713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347039587218,"flow_src_last_pkt_time":1499347044619476,"flow_dst_last_pkt_time":1499347044618713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347039587218,"flow_src_last_pkt_time":1499347044619476,"flow_dst_last_pkt_time":1499347044618713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347042150116,"flow_src_last_pkt_time":1499347047620071,"flow_dst_last_pkt_time":1499347047619278,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347042150116,"flow_src_last_pkt_time":1499347047620071,"flow_dst_last_pkt_time":1499347047619278,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347042150116,"flow_src_last_pkt_time":1499347047620071,"flow_dst_last_pkt_time":1499347047619278,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347043416905,"flow_src_last_pkt_time":1499347048620405,"flow_dst_last_pkt_time":1499347048619667,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347043416905,"flow_src_last_pkt_time":1499347048620405,"flow_dst_last_pkt_time":1499347048619667,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347043416905,"flow_src_last_pkt_time":1499347048620405,"flow_dst_last_pkt_time":1499347048619667,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347044676186,"flow_src_last_pkt_time":1499347050622612,"flow_dst_last_pkt_time":1499347050622072,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347044676186,"flow_src_last_pkt_time":1499347050622612,"flow_dst_last_pkt_time":1499347050622072,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347044676186,"flow_src_last_pkt_time":1499347050622612,"flow_dst_last_pkt_time":1499347050622072,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347170842912,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347172098409,"flow_src_last_pkt_time":1499347172098409,"flow_dst_last_pkt_time":1499347172098409,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347172098409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_src_last_pkt_time":1499347172098409,"flow_dst_last_pkt_time":1499347172098409,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347172098409,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dk5AAD4GT4KsEAABwKgKMtRaAFDNItnFAAAAAKACchAyrAAAAgQFtAQCCAoBOa+LAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_src_last_pkt_time":1499347172098409,"flow_dst_last_pkt_time":1499347172098530,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347172098530,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1FoQ75vBzSLZxqAScSAB9QAAAgQFtAQCCAoD44ECATmviwEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":3,"flow_src_last_pkt_time":1499347172099279,"flow_dst_last_pkt_time":1499347172098530,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347172099279,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dk9AAD4GT4msEAABwKgKMtRaAFDNItnGEO+bwoAQAOWg\/AAAAQEICgE5r4sD44EC"}
-02389{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347163177633,"flow_src_last_pkt_time":1499347173124164,"flow_dst_last_pkt_time":1499347172102919,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16417,"midstream":0,"thread_ts_usec":1499347173124164,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":107,"avg":608768.2,"max":3827235,"stddev":943347.2,"var":889903972352.0,"ent":3.7,"data": [107,901,3826349,3827235,3096,3895,1023011,1026934,3928,268230,273681,5427,1005208,1009216,4030,256246,259862,3614,1006897,1010591,3696,250084,253817,3763,1011263,1016096,4808,241019,244651,3645,1020517]},"pktlen": {"min":52,"avg":716.8,"max":1921,"stddev":755.6,"var":570947.8,"ent":4.2,"data": [60,60,52,637,52,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1917,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.638340950,5.039574623,4.854287148,6.029434681,4.892748833,7.778367043,4.983880997,5.926498413,7.738680363,4.930902481,6.053852081,7.756084442,4.945419312,5.899237633,7.743415833,4.908878326,6.045033455,7.770442009,4.930902481,5.892504692,7.745852947,5.022342682,6.052529335,7.776908875,4.983880997,5.921900749,7.741519928,4.906957626,6.052155972,7.775801659,4.945419312,5.897080421]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02543{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347163177633,"flow_src_last_pkt_time":1499347173124164,"flow_dst_last_pkt_time":1499347172102919,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16417,"midstream":0,"thread_ts_usec":1499347173124164,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":107,"avg":608768.2,"max":3827235,"stddev":943347.2,"var":889903972352.0,"ent":3.7,"data": [107,901,3826349,3827235,3096,3895,1023011,1026934,3928,268230,273681,5427,1005208,1009216,4030,256246,259862,3614,1006897,1010591,3696,250084,253817,3763,1011263,1016096,4808,241019,244651,3645,1020517]},"pktlen": {"min":52,"avg":716.8,"max":1921,"stddev":755.6,"var":570947.8,"ent":4.2,"data": [60,60,52,637,52,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1917,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.638340950,5.039574623,4.854287148,6.029434681,4.892748833,7.778367043,4.983880997,5.926498413,7.738680363,4.930902481,6.053852081,7.756084442,4.945419312,5.899237633,7.743415833,4.908878326,6.045033455,7.770442009,4.930902481,5.892504692,7.745852947,5.022342682,6.052529335,7.776908875,4.983880997,5.921900749,7.741519928,4.906957626,6.052155972,7.775801659,4.945419312,5.897080421]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347173373791,"flow_src_last_pkt_time":1499347173373791,"flow_dst_last_pkt_time":1499347173373791,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347173373791,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_src_last_pkt_time":1499347173373791,"flow_dst_last_pkt_time":1499347173373791,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347173373791,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XK1AAD4GaSOsEAABwKgKMtRoAFDpcOxnAAAAAKACchACbwAAAgQFtAQCCAoBObDKAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_src_last_pkt_time":1499347173373791,"flow_dst_last_pkt_time":1499347173373905,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347173373905,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1GhwCsiK6XDsaKAScSBElAAAAgQFtAQCCAoD44JBATmwygEDAwc="}
@@ -598,15 +598,15 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_src_last_pkt_time":1499347181178834,"flow_dst_last_pkt_time":1499347181178834,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347181178834,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iI9AAD4GPUGsEAABwKgKMtS4AFBWujDmAAAAAKACchBIuAAAAgQFtAQCCAoBObhpAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_src_last_pkt_time":1499347181178834,"flow_dst_last_pkt_time":1499347181178931,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347181178931,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1LiEJRdhVrow56AScSAgTQAAAgQFtAQCCAoD44ngATm4aQEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":3,"flow_src_last_pkt_time":1499347181179532,"flow_dst_last_pkt_time":1499347181178931,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347181179532,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iJBAAD4GPUisEAABwKgKMtS4AFBWujDnhCUXYoAQAOW\/UwAAAQEICgE5uGoD44ng"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347047249299,"flow_src_last_pkt_time":1499347052623168,"flow_dst_last_pkt_time":1499347052622617,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347047249299,"flow_src_last_pkt_time":1499347052623168,"flow_dst_last_pkt_time":1499347052622617,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347047249299,"flow_src_last_pkt_time":1499347052623168,"flow_dst_last_pkt_time":1499347052622617,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347048548242,"flow_src_last_pkt_time":1499347053624108,"flow_dst_last_pkt_time":1499347053623383,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347048548242,"flow_src_last_pkt_time":1499347053624108,"flow_dst_last_pkt_time":1499347053623383,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347048548242,"flow_src_last_pkt_time":1499347053624108,"flow_dst_last_pkt_time":1499347053623383,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347051144619,"flow_src_last_pkt_time":1499347056624952,"flow_dst_last_pkt_time":1499347056624200,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347051144619,"flow_src_last_pkt_time":1499347056624952,"flow_dst_last_pkt_time":1499347056624200,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347051144619,"flow_src_last_pkt_time":1499347056624952,"flow_dst_last_pkt_time":1499347056624200,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347052434886,"flow_src_last_pkt_time":1499347057625240,"flow_dst_last_pkt_time":1499347057624486,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347052434886,"flow_src_last_pkt_time":1499347057625240,"flow_dst_last_pkt_time":1499347057624486,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347052434886,"flow_src_last_pkt_time":1499347057625240,"flow_dst_last_pkt_time":1499347057624486,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347053735968,"flow_src_last_pkt_time":1499347059625881,"flow_dst_last_pkt_time":1499347059625113,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347053735968,"flow_src_last_pkt_time":1499347059625881,"flow_dst_last_pkt_time":1499347059625113,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347053735968,"flow_src_last_pkt_time":1499347059625881,"flow_dst_last_pkt_time":1499347059625113,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347181185044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347182435600,"flow_src_last_pkt_time":1499347182435600,"flow_dst_last_pkt_time":1499347182435600,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347182435600,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_src_last_pkt_time":1499347182435600,"flow_dst_last_pkt_time":1499347182435600,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347182435600,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83IhAAD4G6UesEAABwKgKMtTGAFDgpGUsAAAAAKACchCJPgAAAgQFtAQCCAoBObmkAAAAAAEDAwc="}
@@ -636,19 +636,19 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_src_last_pkt_time":1499347191299775,"flow_dst_last_pkt_time":1499347191299775,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347191299775,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8a9RAAD4GWfysEAABwKgKMtUmAFBoHamYAAAAAKACchC0UQAAAgQFtAQCCAoBOcJMAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1865,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_src_last_pkt_time":1499347191299775,"flow_dst_last_pkt_time":1499347191299934,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347191299934,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1Sai+IEWaB2pmaAScSD5ewAAAgQFtAQCCAoD45PCATnCTAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":3,"flow_src_last_pkt_time":1499347191300466,"flow_dst_last_pkt_time":1499347191299934,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347191300466,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a9VAAD4GWgOsEAABwKgKMtUmAFBoHamZoviBF4AQAOWYgwAAAQEICgE5wkwD45PC"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347056332919,"flow_src_last_pkt_time":1499347061626282,"flow_dst_last_pkt_time":1499347061625565,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347056332919,"flow_src_last_pkt_time":1499347061626282,"flow_dst_last_pkt_time":1499347061625565,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347056332919,"flow_src_last_pkt_time":1499347061626282,"flow_dst_last_pkt_time":1499347061625565,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347057628057,"flow_src_last_pkt_time":1499347063626966,"flow_dst_last_pkt_time":1499347063626235,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347057628057,"flow_src_last_pkt_time":1499347063626966,"flow_dst_last_pkt_time":1499347063626235,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347057628057,"flow_src_last_pkt_time":1499347063626966,"flow_dst_last_pkt_time":1499347063626235,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347060176542,"flow_src_last_pkt_time":1499347065627947,"flow_dst_last_pkt_time":1499347065627238,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347060176542,"flow_src_last_pkt_time":1499347065627947,"flow_dst_last_pkt_time":1499347065627238,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347060176542,"flow_src_last_pkt_time":1499347065627947,"flow_dst_last_pkt_time":1499347065627238,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347061452043,"flow_src_last_pkt_time":1499347066629418,"flow_dst_last_pkt_time":1499347066628683,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347061452043,"flow_src_last_pkt_time":1499347066629418,"flow_dst_last_pkt_time":1499347066628683,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347061452043,"flow_src_last_pkt_time":1499347066629418,"flow_dst_last_pkt_time":1499347066628683,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347062740557,"flow_src_last_pkt_time":1499347068629839,"flow_dst_last_pkt_time":1499347068629253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347062740557,"flow_src_last_pkt_time":1499347068629839,"flow_dst_last_pkt_time":1499347068629253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347062740557,"flow_src_last_pkt_time":1499347068629839,"flow_dst_last_pkt_time":1499347068629253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347065288069,"flow_src_last_pkt_time":1499347070631313,"flow_dst_last_pkt_time":1499347070630606,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347065288069,"flow_src_last_pkt_time":1499347070631313,"flow_dst_last_pkt_time":1499347070630606,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347065288069,"flow_src_last_pkt_time":1499347070631313,"flow_dst_last_pkt_time":1499347070630606,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347066560105,"flow_src_last_pkt_time":1499347071631289,"flow_dst_last_pkt_time":1499347071630555,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347066560105,"flow_src_last_pkt_time":1499347071631289,"flow_dst_last_pkt_time":1499347071630555,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347066560105,"flow_src_last_pkt_time":1499347071631289,"flow_dst_last_pkt_time":1499347071630555,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347191666020,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347192547043,"flow_src_last_pkt_time":1499347192547043,"flow_dst_last_pkt_time":1499347192547043,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347192547043,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_src_last_pkt_time":1499347192547043,"flow_dst_last_pkt_time":1499347192547043,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347192547043,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NKNAAD4GkS2sEAABwKgKMtU0AFBlD\/cgAAAAAKACchBokgAAAgQFtAQCCAoBOcODAAAAAAEDAwc="}
@@ -674,15 +674,15 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_src_last_pkt_time":1499347201471316,"flow_dst_last_pkt_time":1499347201471316,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347201471316,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JERAAD4GoYysEAABwKgKMtWSAFCOe+h\/AAAAAKACchBEsQAAAgQFtAQCCAoBOcw7AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_src_last_pkt_time":1499347201471316,"flow_dst_last_pkt_time":1499347201471439,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347201471439,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1ZJxUzmIjnvogKAScSD5HwAAAgQFtAQCCAoD452xATnMOwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_src_last_pkt_time":1499347201472194,"flow_dst_last_pkt_time":1499347201471439,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347201472194,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JEVAAD4GoZOsEAABwKgKMtWSAFCOe+iAcVM5iYAQAOWYJwAAAQEICgE5zDsD452x"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347069146742,"flow_src_last_pkt_time":1499347074630874,"flow_dst_last_pkt_time":1499347074630324,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347069146742,"flow_src_last_pkt_time":1499347074630874,"flow_dst_last_pkt_time":1499347074630324,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347069146742,"flow_src_last_pkt_time":1499347074630874,"flow_dst_last_pkt_time":1499347074630324,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347070422420,"flow_src_last_pkt_time":1499347075631403,"flow_dst_last_pkt_time":1499347075630680,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347070422420,"flow_src_last_pkt_time":1499347075631403,"flow_dst_last_pkt_time":1499347075630680,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347070422420,"flow_src_last_pkt_time":1499347075631403,"flow_dst_last_pkt_time":1499347075630680,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347071685917,"flow_src_last_pkt_time":1499347077632156,"flow_dst_last_pkt_time":1499347077631432,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347071685917,"flow_src_last_pkt_time":1499347077632156,"flow_dst_last_pkt_time":1499347077631432,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347071685917,"flow_src_last_pkt_time":1499347077632156,"flow_dst_last_pkt_time":1499347077631432,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347074268117,"flow_src_last_pkt_time":1499347079633244,"flow_dst_last_pkt_time":1499347079632489,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347074268117,"flow_src_last_pkt_time":1499347079633244,"flow_dst_last_pkt_time":1499347079632489,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347074268117,"flow_src_last_pkt_time":1499347079633244,"flow_dst_last_pkt_time":1499347079632489,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347075596906,"flow_src_last_pkt_time":1499347080634142,"flow_dst_last_pkt_time":1499347080633407,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347075596906,"flow_src_last_pkt_time":1499347080634142,"flow_dst_last_pkt_time":1499347080633407,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347075596906,"flow_src_last_pkt_time":1499347080634142,"flow_dst_last_pkt_time":1499347080633407,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347201670504,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347202722084,"flow_src_last_pkt_time":1499347202722084,"flow_dst_last_pkt_time":1499347202722084,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347202722084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_src_last_pkt_time":1499347202722084,"flow_dst_last_pkt_time":1499347202722084,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347202722084,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83mxAAD4G52OsEAABwKgKMtWgAFD5fxMfAAAAAKACchCtxwAAAgQFtAQCCAoBOc1zAAAAAAEDAwc="}
@@ -708,17 +708,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_src_last_pkt_time":1499347211522672,"flow_dst_last_pkt_time":1499347211522672,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347211522672,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86VZAAD4G3HmsEAABwKgKMtX+AFCmKj9dAAAAAKACchDL6AAAAgQFtAQCCAoBOdYLAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2038,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_src_last_pkt_time":1499347211522672,"flow_dst_last_pkt_time":1499347211522744,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347211522744,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1f624YVgpio\/XqAScSDlHwAAAgQFtAQCCAoD46eCATnWCwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2039,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_src_last_pkt_time":1499347211523534,"flow_dst_last_pkt_time":1499347211522744,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347211523534,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06VdAAD4G3ICsEAABwKgKMtX+AFCmKj9etuGFYYAQAOWEJgAAAQEICgE51gwD46eC"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347078168829,"flow_src_last_pkt_time":1499347083634304,"flow_dst_last_pkt_time":1499347083633597,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347078168829,"flow_src_last_pkt_time":1499347083634304,"flow_dst_last_pkt_time":1499347083633597,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347078168829,"flow_src_last_pkt_time":1499347083634304,"flow_dst_last_pkt_time":1499347083633597,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347079449845,"flow_src_last_pkt_time":1499347084635243,"flow_dst_last_pkt_time":1499347084634533,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347079449845,"flow_src_last_pkt_time":1499347084635243,"flow_dst_last_pkt_time":1499347084634533,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347079449845,"flow_src_last_pkt_time":1499347084635243,"flow_dst_last_pkt_time":1499347084634533,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347080793785,"flow_src_last_pkt_time":1499347086636029,"flow_dst_last_pkt_time":1499347086635315,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347080793785,"flow_src_last_pkt_time":1499347086636029,"flow_dst_last_pkt_time":1499347086635315,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347080793785,"flow_src_last_pkt_time":1499347086636029,"flow_dst_last_pkt_time":1499347086635315,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347082084347,"flow_src_last_pkt_time":1499347087636674,"flow_dst_last_pkt_time":1499347087635966,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347082084347,"flow_src_last_pkt_time":1499347087636674,"flow_dst_last_pkt_time":1499347087635966,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347082084347,"flow_src_last_pkt_time":1499347087636674,"flow_dst_last_pkt_time":1499347087635966,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347083358642,"flow_src_last_pkt_time":1499347088637124,"flow_dst_last_pkt_time":1499347088636582,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347083358642,"flow_src_last_pkt_time":1499347088637124,"flow_dst_last_pkt_time":1499347088636582,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347083358642,"flow_src_last_pkt_time":1499347088637124,"flow_dst_last_pkt_time":1499347088636582,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347084644490,"flow_src_last_pkt_time":1499347090638459,"flow_dst_last_pkt_time":1499347090637945,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347084644490,"flow_src_last_pkt_time":1499347090638459,"flow_dst_last_pkt_time":1499347090637945,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347084644490,"flow_src_last_pkt_time":1499347090638459,"flow_dst_last_pkt_time":1499347090637945,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347211674094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347214088992,"flow_src_last_pkt_time":1499347214088992,"flow_dst_last_pkt_time":1499347214088992,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347214088992,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_src_last_pkt_time":1499347214088992,"flow_dst_last_pkt_time":1499347214088992,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347214088992,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KIZAAD4GnUqsEAABwKgKMtYYAFAozfALAAAAAKACchCV+wAAAgQFtAQCCAoBOdiNAAAAAAEDAwc="}
@@ -744,18 +744,18 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2123,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_src_last_pkt_time":1499347221694992,"flow_dst_last_pkt_time":1499347221694992,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347221694992,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89JJAAD4G0T2sEAABwKgKMtZqAFAcVCtpAAAAAKACchBfVwAAAgQFtAQCCAoBOd\/7AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_src_last_pkt_time":1499347221694992,"flow_dst_last_pkt_time":1499347221695136,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347221695136,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1mpdkOZGHFQraqAScSBnCgAAAgQFtAQCCAoD47FxATnf+wEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_src_last_pkt_time":1499347221695692,"flow_dst_last_pkt_time":1499347221695136,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347221695692,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09JNAAD4G0USsEAABwKgKMtZqAFAcVCtqXZDmR4AQAOUGEgAAAQEICgE53\/sD47Fx"}
-01136{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347033203906,"flow_src_last_pkt_time":1499347101320400,"flow_dst_last_pkt_time":1499347101320427,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183692,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347087256238,"flow_src_last_pkt_time":1499347092638992,"flow_dst_last_pkt_time":1499347092638228,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01290{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347033203906,"flow_src_last_pkt_time":1499347101320400,"flow_dst_last_pkt_time":1499347101320427,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183692,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347087256238,"flow_src_last_pkt_time":1499347092638992,"flow_dst_last_pkt_time":1499347092638228,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347087256238,"flow_src_last_pkt_time":1499347092638992,"flow_dst_last_pkt_time":1499347092638228,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347088552811,"flow_src_last_pkt_time":1499347093638529,"flow_dst_last_pkt_time":1499347093637977,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347088552811,"flow_src_last_pkt_time":1499347093638529,"flow_dst_last_pkt_time":1499347093637977,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347088552811,"flow_src_last_pkt_time":1499347093638529,"flow_dst_last_pkt_time":1499347093637977,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347091102802,"flow_src_last_pkt_time":1499347096639218,"flow_dst_last_pkt_time":1499347096638675,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347091102802,"flow_src_last_pkt_time":1499347096639218,"flow_dst_last_pkt_time":1499347096638675,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347091102802,"flow_src_last_pkt_time":1499347096639218,"flow_dst_last_pkt_time":1499347096638675,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347092374921,"flow_src_last_pkt_time":1499347097640030,"flow_dst_last_pkt_time":1499347097639278,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347092374921,"flow_src_last_pkt_time":1499347097640030,"flow_dst_last_pkt_time":1499347097639278,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347092374921,"flow_src_last_pkt_time":1499347097640030,"flow_dst_last_pkt_time":1499347097639278,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347093662309,"flow_src_last_pkt_time":1499347099640896,"flow_dst_last_pkt_time":1499347099640142,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347093662309,"flow_src_last_pkt_time":1499347099640896,"flow_dst_last_pkt_time":1499347099640142,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347093662309,"flow_src_last_pkt_time":1499347099640896,"flow_dst_last_pkt_time":1499347099640142,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347096201937,"flow_src_last_pkt_time":1499347101640595,"flow_dst_last_pkt_time":1499347101640039,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347096201937,"flow_src_last_pkt_time":1499347101640595,"flow_dst_last_pkt_time":1499347101640039,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347096201937,"flow_src_last_pkt_time":1499347101640595,"flow_dst_last_pkt_time":1499347101640039,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347221700350,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347224338550,"flow_src_last_pkt_time":1499347224338550,"flow_dst_last_pkt_time":1499347224338550,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347224338550,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_src_last_pkt_time":1499347224338550,"flow_dst_last_pkt_time":1499347224338550,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347224338550,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K5xAAD4GmjSsEAABwKgKMtaEAFDFiskTAAAAAKACchAVyAAAAgQFtAQCCAoBOeKPAAAAAAEDAwc="}
@@ -777,16 +777,16 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_src_last_pkt_time":1499347230690806,"flow_dst_last_pkt_time":1499347230690806,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347230690806,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uy1AAD4GCqOsEAABwKgKMtbIAFCbKFPuAAAAAKACchCu1wAAAgQFtAQCCAoBOejDAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_src_last_pkt_time":1499347230690806,"flow_dst_last_pkt_time":1499347230690844,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347230690844,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1shnmPeomyhT76AScSCSVwAAAgQFtAQCCAoD47o6ATnowwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":3,"flow_src_last_pkt_time":1499347230691619,"flow_dst_last_pkt_time":1499347230690844,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347230691619,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uy5AAD4GCqqsEAABwKgKMtbIAFCbKFPvZ5j3qYAQAOUxXgAAAQEICgE56MQD47o6"}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347228091325,"flow_src_last_pkt_time":1499347231733910,"flow_dst_last_pkt_time":1499347228091420,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231733910,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347098746605,"flow_src_last_pkt_time":1499347104641436,"flow_dst_last_pkt_time":1499347104640704,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347228091325,"flow_src_last_pkt_time":1499347231733910,"flow_dst_last_pkt_time":1499347228091420,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231733910,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347098746605,"flow_src_last_pkt_time":1499347104641436,"flow_dst_last_pkt_time":1499347104640704,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347098746605,"flow_src_last_pkt_time":1499347104641436,"flow_dst_last_pkt_time":1499347104640704,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347101314377,"flow_src_last_pkt_time":1499347106642382,"flow_dst_last_pkt_time":1499347106641632,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347101314377,"flow_src_last_pkt_time":1499347106642382,"flow_dst_last_pkt_time":1499347106641632,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347101314377,"flow_src_last_pkt_time":1499347106642382,"flow_dst_last_pkt_time":1499347106641632,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347102609708,"flow_src_last_pkt_time":1499347107642215,"flow_dst_last_pkt_time":1499347107641480,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347102609708,"flow_src_last_pkt_time":1499347107642215,"flow_dst_last_pkt_time":1499347107641480,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347102609708,"flow_src_last_pkt_time":1499347107642215,"flow_dst_last_pkt_time":1499347107641480,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347105154035,"flow_src_last_pkt_time":1499347110642346,"flow_dst_last_pkt_time":1499347110641611,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347105154035,"flow_src_last_pkt_time":1499347110642346,"flow_dst_last_pkt_time":1499347110641611,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347105154035,"flow_src_last_pkt_time":1499347110642346,"flow_dst_last_pkt_time":1499347110641611,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347106438309,"flow_src_last_pkt_time":1499347111642936,"flow_dst_last_pkt_time":1499347111642184,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347106438309,"flow_src_last_pkt_time":1499347111642936,"flow_dst_last_pkt_time":1499347111642184,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347106438309,"flow_src_last_pkt_time":1499347111642936,"flow_dst_last_pkt_time":1499347111642184,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347231976292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347233219454,"flow_src_last_pkt_time":1499347233219454,"flow_dst_last_pkt_time":1499347233219454,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347233219454,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_src_last_pkt_time":1499347233219454,"flow_dst_last_pkt_time":1499347233219454,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347233219454,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Fw9AAD4GrsGsEAABwKgKMtbiAFBsKfwzAAAAAKACchAy\/gAAAgQFtAQCCAoBOes8AAAAAAEDAwc="}
@@ -800,7 +800,7 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_src_last_pkt_time":1499347235716450,"flow_dst_last_pkt_time":1499347235716450,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347235716450,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wLxAAD4GBRSsEAABwKgKMtb+AFAtaC0QAAAAAKACchA+VwAAAgQFtAQCCAoBOe2sAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2236,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_src_last_pkt_time":1499347235716450,"flow_dst_last_pkt_time":1499347235716582,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347235716582,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1v760xqZLWgtEaAScSBmwwAAAgQFtAQCCAoD478iATntrAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2237,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_src_last_pkt_time":1499347235717314,"flow_dst_last_pkt_time":1499347235716582,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347235717314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wL1AAD4GBRusEAABwKgKMtb+AFAtaC0R+tMamoAQAOUFywAAAQEICgE57awD478i"}
-02290{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347228091325,"flow_src_last_pkt_time":1499347237016547,"flow_dst_last_pkt_time":1499347236759533,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16317,"midstream":0,"thread_ts_usec":1499347237016547,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":95,"avg":567530.0,"max":3642588,"stddev":903579.0,"var":816455024640.0,"ent":3.6,"data": [95,698,3641887,3642588,3124,4095,234104,238457,4183,1006077,1010963,4878,233120,236850,3778,1005601,1010652,5027,236201,239833,3605,1006827,1010500,3683,232616,236267,3614,1034871,1038879,4091,256266]},"pktlen": {"min":52,"avg":713.7,"max":1921,"stddev":750.8,"var":563712.5,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1915,52,435,1822,52,637,1921,52,435,1822,52,637,1919,52,435,1822,52,637]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.571673870,5.060326576,4.892748356,5.911661148,4.892748833,7.739586830,4.755836964,6.006965160,7.753130913,4.870416641,5.890732765,7.738875389,4.906957626,6.010314941,7.782026768,4.906957626,5.890962601,7.741142273,4.945419312,6.027306080,7.776299953,4.945419312,5.905275345,7.742319107,4.983880997,6.020912647,7.756708145,4.906957626,5.913722038,7.742949486,4.945419312,6.050437927]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02444{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347228091325,"flow_src_last_pkt_time":1499347237016547,"flow_dst_last_pkt_time":1499347236759533,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16317,"midstream":0,"thread_ts_usec":1499347237016547,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":95,"avg":567530.0,"max":3642588,"stddev":903579.0,"var":816455024640.0,"ent":3.6,"data": [95,698,3641887,3642588,3124,4095,234104,238457,4183,1006077,1010963,4878,233120,236850,3778,1005601,1010652,5027,236201,239833,3605,1006827,1010500,3683,232616,236267,3614,1034871,1038879,4091,256266]},"pktlen": {"min":52,"avg":713.7,"max":1921,"stddev":750.8,"var":563712.5,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1915,52,435,1822,52,637,1921,52,435,1822,52,637,1919,52,435,1822,52,637]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.571673870,5.060326576,4.892748356,5.911661148,4.892748833,7.739586830,4.755836964,6.006965160,7.753130913,4.870416641,5.890732765,7.738875389,4.906957626,6.010314941,7.782026768,4.906957626,5.890962601,7.741142273,4.945419312,6.027306080,7.776299953,4.945419312,5.905275345,7.742319107,4.983880997,6.020912647,7.756708145,4.906957626,5.913722038,7.742949486,4.945419312,6.050437927]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347238260432,"flow_src_last_pkt_time":1499347238260432,"flow_dst_last_pkt_time":1499347238260432,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347238260432,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":1499347238260432,"flow_dst_last_pkt_time":1499347238260432,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347238260432,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8N5lAAD4GjjesEAABwKgKMtcYAFCMG8exAAAAAKACchBCbAAAAgQFtAQCCAoBOfAoAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2254,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_src_last_pkt_time":1499347238260432,"flow_dst_last_pkt_time":1499347238260538,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347238260538,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1xiQuLeAjBvHsqAScSA1kAAAAgQFtAQCCAoD48GeATnwKAEDAwc="}
@@ -813,15 +813,15 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":1499347240786524,"flow_dst_last_pkt_time":1499347240786524,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347240786524,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LjpAAD4Gl5asEAABwKgKMtc0AFB5mNylAAAAAKACchA9aAAAAgQFtAQCCAoBOfKfAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_src_last_pkt_time":1499347240786524,"flow_dst_last_pkt_time":1499347240786650,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347240786650,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1zRt9KwCeZjcpqAScSBcVgAAAgQFtAQCCAoD48QWATnynwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_src_last_pkt_time":1499347240787208,"flow_dst_last_pkt_time":1499347240786650,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347240787208,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LjtAAD4Gl52sEAABwKgKMtc0AFB5mNymbfSsA4AQAOX7XAAAAQEICgE58qAD48QW"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347107719375,"flow_src_last_pkt_time":1499347113642966,"flow_dst_last_pkt_time":1499347113642448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347107719375,"flow_src_last_pkt_time":1499347113642966,"flow_dst_last_pkt_time":1499347113642448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347107719375,"flow_src_last_pkt_time":1499347113642966,"flow_dst_last_pkt_time":1499347113642448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347110266521,"flow_src_last_pkt_time":1499347115643158,"flow_dst_last_pkt_time":1499347115642643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347110266521,"flow_src_last_pkt_time":1499347115643158,"flow_dst_last_pkt_time":1499347115642643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347110266521,"flow_src_last_pkt_time":1499347115643158,"flow_dst_last_pkt_time":1499347115642643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347111565010,"flow_src_last_pkt_time":1499347116643034,"flow_dst_last_pkt_time":1499347116642482,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347111565010,"flow_src_last_pkt_time":1499347116643034,"flow_dst_last_pkt_time":1499347116642482,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347111565010,"flow_src_last_pkt_time":1499347116643034,"flow_dst_last_pkt_time":1499347116642482,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347114111371,"flow_src_last_pkt_time":1499347119643530,"flow_dst_last_pkt_time":1499347119642977,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347114111371,"flow_src_last_pkt_time":1499347119643530,"flow_dst_last_pkt_time":1499347119642977,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347114111371,"flow_src_last_pkt_time":1499347119643530,"flow_dst_last_pkt_time":1499347119642977,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347115408321,"flow_src_last_pkt_time":1499347120644790,"flow_dst_last_pkt_time":1499347120644045,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347115408321,"flow_src_last_pkt_time":1499347120644790,"flow_dst_last_pkt_time":1499347120644045,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347115408321,"flow_src_last_pkt_time":1499347120644790,"flow_dst_last_pkt_time":1499347120644045,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347242051776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347243333607,"flow_src_last_pkt_time":1499347243333607,"flow_dst_last_pkt_time":1499347243333607,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347243333607,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":1499347243333607,"flow_dst_last_pkt_time":1499347243333607,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347243333607,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87MZAAD4G2QmsEAABwKgKMtdOAFA1pxnaAAAAAKACchBBjgAAAgQFtAQCCAoBOfUcAAAAAAEDAwc="}
@@ -847,17 +847,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_src_last_pkt_time":1499347252179696,"flow_dst_last_pkt_time":1499347252179696,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347252179696,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86Q5AAD4G3MGsEAABwKgKMtesAFDOJxTOAAAAAKACchClFwAAAgQFtAQCCAoBOf3AAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_src_last_pkt_time":1499347252179696,"flow_dst_last_pkt_time":1499347252179824,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347252179824,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ16ypaMjNzicUz6AScSBgpgAAAgQFtAQCCAoD4882ATn9wAEDAwc="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":3,"flow_src_last_pkt_time":1499347252180563,"flow_dst_last_pkt_time":1499347252179824,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347252180563,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06Q9AAD4G3MisEAABwKgKMtesAFDOJxTPqWjIzoAQAOX\/rQAAAQEICgE5\/cAD4882"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347116705522,"flow_src_last_pkt_time":1499347122644441,"flow_dst_last_pkt_time":1499347122643890,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347116705522,"flow_src_last_pkt_time":1499347122644441,"flow_dst_last_pkt_time":1499347122643890,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347116705522,"flow_src_last_pkt_time":1499347122644441,"flow_dst_last_pkt_time":1499347122643890,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347119336171,"flow_src_last_pkt_time":1499347124645146,"flow_dst_last_pkt_time":1499347124644417,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347119336171,"flow_src_last_pkt_time":1499347124645146,"flow_dst_last_pkt_time":1499347124644417,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347119336171,"flow_src_last_pkt_time":1499347124645146,"flow_dst_last_pkt_time":1499347124644417,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347120603108,"flow_src_last_pkt_time":1499347125645901,"flow_dst_last_pkt_time":1499347125645169,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347120603108,"flow_src_last_pkt_time":1499347125645901,"flow_dst_last_pkt_time":1499347125645169,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347120603108,"flow_src_last_pkt_time":1499347125645901,"flow_dst_last_pkt_time":1499347125645169,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347123174408,"flow_src_last_pkt_time":1499347128646363,"flow_dst_last_pkt_time":1499347128645626,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347123174408,"flow_src_last_pkt_time":1499347128646363,"flow_dst_last_pkt_time":1499347128645626,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347123174408,"flow_src_last_pkt_time":1499347128646363,"flow_dst_last_pkt_time":1499347128645626,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347124454359,"flow_src_last_pkt_time":1499347129648491,"flow_dst_last_pkt_time":1499347129647917,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347124454359,"flow_src_last_pkt_time":1499347129648491,"flow_dst_last_pkt_time":1499347129647917,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347124454359,"flow_src_last_pkt_time":1499347129648491,"flow_dst_last_pkt_time":1499347129647917,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347125743151,"flow_src_last_pkt_time":1499347131649116,"flow_dst_last_pkt_time":1499347131648395,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347125743151,"flow_src_last_pkt_time":1499347131649116,"flow_dst_last_pkt_time":1499347131648395,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347125743151,"flow_src_last_pkt_time":1499347131649116,"flow_dst_last_pkt_time":1499347131648395,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347252685993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347253445070,"flow_src_last_pkt_time":1499347253445070,"flow_dst_last_pkt_time":1499347253445070,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347253445070,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_src_last_pkt_time":1499347253445070,"flow_dst_last_pkt_time":1499347253445070,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347253445070,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uoZAAD4GC0qsEAABwKgKMte6AFBXtER6AAAAAKACchDqlAAAAgQFtAQCCAoBOf78AAAAAAEDAwc="}
@@ -883,17 +883,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1499347262289310,"flow_dst_last_pkt_time":1499347262289310,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347262289310,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ic9AAD4GPAGsEAABwKgKMtgYAFBS2I5QAAAAAKACchCcmQAAAgQFtAQCCAoBOgefAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2452,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_src_last_pkt_time":1499347262289310,"flow_dst_last_pkt_time":1499347262289431,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347262289431,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2BhB\/tqnUtiOUaAScSCj2QAAAgQFtAQCCAoD49kVAToHnwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2453,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":3,"flow_src_last_pkt_time":1499347262290176,"flow_dst_last_pkt_time":1499347262289431,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347262290176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0idBAAD4GPAisEAABwKgKMtgYAFBS2I5RQf7aqIAQAOVC4QAAAQEICgE6B58D49kV"}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347128311749,"flow_src_last_pkt_time":1499347133649793,"flow_dst_last_pkt_time":1499347133649025,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347128311749,"flow_src_last_pkt_time":1499347133649793,"flow_dst_last_pkt_time":1499347133649025,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347128311749,"flow_src_last_pkt_time":1499347133649793,"flow_dst_last_pkt_time":1499347133649025,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347129584423,"flow_src_last_pkt_time":1499347134649963,"flow_dst_last_pkt_time":1499347134649358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347129584423,"flow_src_last_pkt_time":1499347134649963,"flow_dst_last_pkt_time":1499347134649358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347129584423,"flow_src_last_pkt_time":1499347134649963,"flow_dst_last_pkt_time":1499347134649358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347132137846,"flow_src_last_pkt_time":1499347137650808,"flow_dst_last_pkt_time":1499347137650234,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347132137846,"flow_src_last_pkt_time":1499347137650808,"flow_dst_last_pkt_time":1499347137650234,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347132137846,"flow_src_last_pkt_time":1499347137650808,"flow_dst_last_pkt_time":1499347137650234,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347133434215,"flow_src_last_pkt_time":1499347138651347,"flow_dst_last_pkt_time":1499347138650598,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347133434215,"flow_src_last_pkt_time":1499347138651347,"flow_dst_last_pkt_time":1499347138650598,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347133434215,"flow_src_last_pkt_time":1499347138651347,"flow_dst_last_pkt_time":1499347138650598,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00892{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347134702778,"flow_src_last_pkt_time":1499347140651804,"flow_dst_last_pkt_time":1499347140651206,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347134702778,"flow_src_last_pkt_time":1499347140651804,"flow_dst_last_pkt_time":1499347140651206,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00758{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347134702778,"flow_src_last_pkt_time":1499347140651804,"flow_dst_last_pkt_time":1499347140651206,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347137239586,"flow_src_last_pkt_time":1499347142652382,"flow_dst_last_pkt_time":1499347142651822,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347137239586,"flow_src_last_pkt_time":1499347142652382,"flow_dst_last_pkt_time":1499347142651822,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347137239586,"flow_src_last_pkt_time":1499347142652382,"flow_dst_last_pkt_time":1499347142651822,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347262689407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347263542761,"flow_src_last_pkt_time":1499347263542761,"flow_dst_last_pkt_time":1499347263542761,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347263542761,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":1499347263542761,"flow_dst_last_pkt_time":1499347263542761,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347263542761,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VDNAAD4GcZ2sEAABwKgKMtgmAFA8SlzqAAAAAKACchDjRQAAAgQFtAQCCAoBOgjZAAAAAAEDAwc="}
@@ -923,17 +923,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1499347272469831,"flow_dst_last_pkt_time":1499347272469831,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347272469831,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wnhAAD4GA1isEAABwKgKMtiGAFBxpNPoAAAAAKACchAt1gAAAgQFtAQCCAoBOhGQAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_src_last_pkt_time":1499347272469831,"flow_dst_last_pkt_time":1499347272469965,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347272469965,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2IbhJKqDcaTT6aAScSC8IQAAAgQFtAQCCAoD4+MHAToRkAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":3,"flow_src_last_pkt_time":1499347272470508,"flow_dst_last_pkt_time":1499347272469965,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347272470508,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wnlAAD4GA1+sEAABwKgKMtiGAFBxpNPp4SSqhIAQAOVbKAAAAQEICgE6EZED4+MH"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347138552350,"flow_src_last_pkt_time":1499347143653049,"flow_dst_last_pkt_time":1499347143652358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347138552350,"flow_src_last_pkt_time":1499347143653049,"flow_dst_last_pkt_time":1499347143652358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347138552350,"flow_src_last_pkt_time":1499347143653049,"flow_dst_last_pkt_time":1499347143652358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347141111431,"flow_src_last_pkt_time":1499347146653585,"flow_dst_last_pkt_time":1499347146652906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347141111431,"flow_src_last_pkt_time":1499347146653585,"flow_dst_last_pkt_time":1499347146652906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347141111431,"flow_src_last_pkt_time":1499347146653585,"flow_dst_last_pkt_time":1499347146652906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347142412987,"flow_src_last_pkt_time":1499347147653862,"flow_dst_last_pkt_time":1499347147653167,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347142412987,"flow_src_last_pkt_time":1499347147653862,"flow_dst_last_pkt_time":1499347147653167,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347142412987,"flow_src_last_pkt_time":1499347147653862,"flow_dst_last_pkt_time":1499347147653167,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347143676565,"flow_src_last_pkt_time":1499347149654046,"flow_dst_last_pkt_time":1499347149653324,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347143676565,"flow_src_last_pkt_time":1499347149654046,"flow_dst_last_pkt_time":1499347149653324,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347143676565,"flow_src_last_pkt_time":1499347149654046,"flow_dst_last_pkt_time":1499347149653324,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347146267980,"flow_src_last_pkt_time":1499347151654031,"flow_dst_last_pkt_time":1499347151653342,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347146267980,"flow_src_last_pkt_time":1499347151654031,"flow_dst_last_pkt_time":1499347151653342,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347146267980,"flow_src_last_pkt_time":1499347151654031,"flow_dst_last_pkt_time":1499347151653342,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347147523436,"flow_src_last_pkt_time":1499347152654976,"flow_dst_last_pkt_time":1499347152654215,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347147523436,"flow_src_last_pkt_time":1499347152654976,"flow_dst_last_pkt_time":1499347152654215,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347147523436,"flow_src_last_pkt_time":1499347152654976,"flow_dst_last_pkt_time":1499347152654215,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347272693887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347273742540,"flow_src_last_pkt_time":1499347273742540,"flow_dst_last_pkt_time":1499347273742540,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347273742540,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":1499347273742540,"flow_dst_last_pkt_time":1499347273742540,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347273742540,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8s+tAAD4GEeWsEAABwKgKMtiUAFBek6EkAAAAAKACchByXgAAAgQFtAQCCAoBOhLPAAAAAAEDAwc="}
@@ -959,15 +959,15 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_src_last_pkt_time":1499347282573995,"flow_dst_last_pkt_time":1499347282573995,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347282573995,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mj1AAD4GK5OsEAABwKgKMtjyAFDR4YFTAAAAAKACchAV5AAAAgQFtAQCCAoBOhtuAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_src_last_pkt_time":1499347282573995,"flow_dst_last_pkt_time":1499347282574166,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347282574166,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2PL\/kZOB0eGBVKAScSCS5gAAAgQFtAQCCAoD4+zlATobbgEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_src_last_pkt_time":1499347282574915,"flow_dst_last_pkt_time":1499347282574166,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347282574915,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mj5AAD4GK5qsEAABwKgKMtjyAFDR4YFU\/5GTgoAQAOUx7QAAAQEICgE6G28D4+zl"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347150236857,"flow_src_last_pkt_time":1499347155656099,"flow_dst_last_pkt_time":1499347155655385,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347150236857,"flow_src_last_pkt_time":1499347155656099,"flow_dst_last_pkt_time":1499347155655385,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347150236857,"flow_src_last_pkt_time":1499347155656099,"flow_dst_last_pkt_time":1499347155655385,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347151520310,"flow_src_last_pkt_time":1499347156656092,"flow_dst_last_pkt_time":1499347156655350,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347151520310,"flow_src_last_pkt_time":1499347156656092,"flow_dst_last_pkt_time":1499347156655350,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347151520310,"flow_src_last_pkt_time":1499347156656092,"flow_dst_last_pkt_time":1499347156655350,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347152786524,"flow_src_last_pkt_time":1499347158656581,"flow_dst_last_pkt_time":1499347158655907,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347152786524,"flow_src_last_pkt_time":1499347158656581,"flow_dst_last_pkt_time":1499347158655907,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347152786524,"flow_src_last_pkt_time":1499347158656581,"flow_dst_last_pkt_time":1499347158655907,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347155346301,"flow_src_last_pkt_time":1499347160658357,"flow_dst_last_pkt_time":1499347160657829,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347155346301,"flow_src_last_pkt_time":1499347160658357,"flow_dst_last_pkt_time":1499347160657829,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347155346301,"flow_src_last_pkt_time":1499347160658357,"flow_dst_last_pkt_time":1499347160657829,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347156630374,"flow_src_last_pkt_time":1499347161658902,"flow_dst_last_pkt_time":1499347161658201,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347156630374,"flow_src_last_pkt_time":1499347161658902,"flow_dst_last_pkt_time":1499347161658201,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347156630374,"flow_src_last_pkt_time":1499347161658902,"flow_dst_last_pkt_time":1499347161658201,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347282696361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347285114428,"flow_src_last_pkt_time":1499347285114428,"flow_dst_last_pkt_time":1499347285114428,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347285114428,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_src_last_pkt_time":1499347285114428,"flow_dst_last_pkt_time":1499347285114428,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347285114428,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AAxAAD4GxcSsEAABwKgKMtkMAFDF1B3mAAAAAKACchCCyAAAAgQFtAQCCAoBOh3qAAAAAAEDAwc="}
@@ -993,20 +993,20 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1499347292725420,"flow_dst_last_pkt_time":1499347292725420,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347292725420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Az5AAD4GwpKsEAABwKgKMtleAFDMWSZmAAAAAKACchBsAwAAAgQFtAQCCAoBOiVYAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2713,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_src_last_pkt_time":1499347292725420,"flow_dst_last_pkt_time":1499347292725523,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347292725523,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2V6LTEh8zFkmZ6AScSCeZwAAAgQFtAQCCAoD4\/bOATolWAEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":3,"flow_src_last_pkt_time":1499347292726317,"flow_dst_last_pkt_time":1499347292725523,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347292726317,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Az9AAD4GwpmsEAABwKgKMtleAFDMWSZni0xIfYAQAOU9bgAAAQEICgE6JVkD4\/bO"}
-01040{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":107,"flow_first_seen":1499347097460010,"flow_src_last_pkt_time":1499347166757702,"flow_dst_last_pkt_time":1499347166757721,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183592,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347159323115,"flow_src_last_pkt_time":1499347164659444,"flow_dst_last_pkt_time":1499347164658713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01194{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":107,"flow_first_seen":1499347097460010,"flow_src_last_pkt_time":1499347166757702,"flow_dst_last_pkt_time":1499347166757721,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183592,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347159323115,"flow_src_last_pkt_time":1499347164659444,"flow_dst_last_pkt_time":1499347164658713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347159323115,"flow_src_last_pkt_time":1499347164659444,"flow_dst_last_pkt_time":1499347164658713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347160581668,"flow_src_last_pkt_time":1499347165659256,"flow_dst_last_pkt_time":1499347165658655,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347160581668,"flow_src_last_pkt_time":1499347165659256,"flow_dst_last_pkt_time":1499347165658655,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347160581668,"flow_src_last_pkt_time":1499347165659256,"flow_dst_last_pkt_time":1499347165658655,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347164459731,"flow_src_last_pkt_time":1499347169660134,"flow_dst_last_pkt_time":1499347169659438,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347164459731,"flow_src_last_pkt_time":1499347169660134,"flow_dst_last_pkt_time":1499347169659438,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347164459731,"flow_src_last_pkt_time":1499347169660134,"flow_dst_last_pkt_time":1499347169659438,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347165741193,"flow_src_last_pkt_time":1499347171660786,"flow_dst_last_pkt_time":1499347171660049,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347165741193,"flow_src_last_pkt_time":1499347171660786,"flow_dst_last_pkt_time":1499347171660049,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347165741193,"flow_src_last_pkt_time":1499347171660786,"flow_dst_last_pkt_time":1499347171660049,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347292732357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347295224157,"flow_src_last_pkt_time":1499347295224157,"flow_dst_last_pkt_time":1499347295224157,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347295224157,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":1499347295224157,"flow_dst_last_pkt_time":1499347295224157,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347295224157,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CihAAD4Gu6isEAABwKgKMtl4AFDbgS3hAAAAAKACchBS1QAAAgQFtAQCCAoBOifJAAAAAAEDAwc="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_src_last_pkt_time":1499347295224157,"flow_dst_last_pkt_time":1499347295224250,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347295224250,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2XjDo5gx24Et4qAScSD6uwAAAgQFtAQCCAoD4\/k\/ATonyQEDAwc="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":3,"flow_src_last_pkt_time":1499347295224881,"flow_dst_last_pkt_time":1499347295224250,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347295224881,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CilAAD4Gu6+sEAABwKgKMtl4AFDbgS3iw6OYMoAQAOWZwwAAAQEICgE6J8kD4\/k\/"}
-01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347291442976,"flow_src_last_pkt_time":1499347295227921,"flow_dst_last_pkt_time":1499347291443100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347295227921,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347291442976,"flow_src_last_pkt_time":1499347295227921,"flow_dst_last_pkt_time":1499347291443100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347295227921,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347296462136,"flow_src_last_pkt_time":1499347296462136,"flow_dst_last_pkt_time":1499347296462136,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347296462136,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":1499347296462136,"flow_dst_last_pkt_time":1499347296462136,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347296462136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TjBAAD4Gd6CsEAABwKgKMtmGAFCTXWbOAAAAAKACchBgyQAAAgQFtAQCCAoBOij+AAAAAAEDAwc="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2744,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_src_last_pkt_time":1499347296462136,"flow_dst_last_pkt_time":1499347296462257,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347296462257,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2YaJqN5wk11mz6AScSD7NQAAAgQFtAQCCAoD4\/p1AToo\/gEDAwc="}
@@ -1019,24 +1019,24 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1499347300263398,"flow_dst_last_pkt_time":1499347300263398,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347300263398,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bohAAD4GV0isEAABwKgKMtmuAFBvk0I9AAAAAKACchClRQAAAgQFtAQCCAoBOiy1AAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2771,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_src_last_pkt_time":1499347300263398,"flow_dst_last_pkt_time":1499347300263526,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347300263526,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2a7Gy0E5b5NCPqAScSCcEAAAAgQFtAQCCAoD4\/4rATostQEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2772,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_src_last_pkt_time":1499347300264292,"flow_dst_last_pkt_time":1499347300263526,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347300264292,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bolAAD4GV0+sEAABwKgKMtmuAFBvk0I+xstBOoAQAOU7GAAAAQEICgE6LLUD4\/4r"}
-02389{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2779,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347291442976,"flow_src_last_pkt_time":1499347301278351,"flow_dst_last_pkt_time":1499347300267830,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16422,"midstream":0,"thread_ts_usec":1499347301278351,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":124,"avg":601942.8,"max":3784925,"stddev":935922.8,"var":875951489024.0,"ent":3.7,"data": [124,875,3784070,3784925,3065,3805,1003969,1007602,3694,223699,227380,3680,1007795,1011581,3778,255776,259460,3650,1007868,1011955,4221,230369,234793,4295,1037481,1041928,4473,238345,242041,3668,1009864]},"pktlen": {"min":52,"avg":716.9,"max":1921,"stddev":755.9,"var":571323.5,"ent":4.2,"data": [60,60,52,637,52,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.550921917,5.018822670,4.892748833,6.038469315,4.878231525,7.804656506,4.945419312,5.886735916,7.737145901,4.945419312,6.004831314,7.766214371,4.861793995,5.894402504,7.741394520,4.983880997,6.054348946,7.774952888,4.983880997,5.889629364,7.739490032,4.830034733,6.038223267,7.778916836,4.868495941,5.871979713,7.739353657,4.892440319,6.027006149,7.758635521,4.945419312,5.859021187]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02543{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2779,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347291442976,"flow_src_last_pkt_time":1499347301278351,"flow_dst_last_pkt_time":1499347300267830,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16422,"midstream":0,"thread_ts_usec":1499347301278351,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":124,"avg":601942.8,"max":3784925,"stddev":935922.8,"var":875951489024.0,"ent":3.7,"data": [124,875,3784070,3784925,3065,3805,1003969,1007602,3694,223699,227380,3680,1007795,1011581,3778,255776,259460,3650,1007868,1011955,4221,230369,234793,4295,1037481,1041928,4473,238345,242041,3668,1009864]},"pktlen": {"min":52,"avg":716.9,"max":1921,"stddev":755.9,"var":571323.5,"ent":4.2,"data": [60,60,52,637,52,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.550921917,5.018822670,4.892748833,6.038469315,4.878231525,7.804656506,4.945419312,5.886735916,7.737145901,4.945419312,6.004831314,7.766214371,4.861793995,5.894402504,7.741394520,4.983880997,6.054348946,7.774952888,4.983880997,5.889629364,7.739490032,4.830034733,6.038223267,7.778916836,4.868495941,5.871979713,7.739353657,4.892440319,6.027006149,7.758635521,4.945419312,5.859021187]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347301520809,"flow_src_last_pkt_time":1499347301520809,"flow_dst_last_pkt_time":1499347301520809,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347301520809,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_src_last_pkt_time":1499347301520809,"flow_dst_last_pkt_time":1499347301520809,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347301520809,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80Q9AAD4G9MCsEAABwKgKMtm8AFCdpvzgAAAAAKACchC7RgAAAgQFtAQCCAoBOi3vAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2783,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_src_last_pkt_time":1499347301520809,"flow_dst_last_pkt_time":1499347301520933,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347301520933,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2bw9W3Mnnab84aAScSAIWgAAAgQFtAQCCAoD4\/9lATot7wEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2784,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":3,"flow_src_last_pkt_time":1499347301521683,"flow_dst_last_pkt_time":1499347301520933,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347301521683,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00RBAAD4G9MesEAABwKgKMtm8AFCdpvzhPVtzKIAQAOWnYQAAAQEICgE6Le8D4\/9l"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347168302582,"flow_src_last_pkt_time":1499347173661532,"flow_dst_last_pkt_time":1499347173660819,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347168302582,"flow_src_last_pkt_time":1499347173661532,"flow_dst_last_pkt_time":1499347173660819,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347168302582,"flow_src_last_pkt_time":1499347173661532,"flow_dst_last_pkt_time":1499347173660819,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347169573975,"flow_src_last_pkt_time":1499347174661501,"flow_dst_last_pkt_time":1499347174660744,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347169573975,"flow_src_last_pkt_time":1499347174661501,"flow_dst_last_pkt_time":1499347174660744,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347169573975,"flow_src_last_pkt_time":1499347174661501,"flow_dst_last_pkt_time":1499347174660744,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347172098409,"flow_src_last_pkt_time":1499347177661715,"flow_dst_last_pkt_time":1499347177660973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347172098409,"flow_src_last_pkt_time":1499347177661715,"flow_dst_last_pkt_time":1499347177660973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347172098409,"flow_src_last_pkt_time":1499347177661715,"flow_dst_last_pkt_time":1499347177660973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347173373791,"flow_src_last_pkt_time":1499347178662171,"flow_dst_last_pkt_time":1499347178661408,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347173373791,"flow_src_last_pkt_time":1499347178662171,"flow_dst_last_pkt_time":1499347178661408,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347173373791,"flow_src_last_pkt_time":1499347178662171,"flow_dst_last_pkt_time":1499347178661408,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347174667312,"flow_src_last_pkt_time":1499347180662294,"flow_dst_last_pkt_time":1499347180661598,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347174667312,"flow_src_last_pkt_time":1499347180662294,"flow_dst_last_pkt_time":1499347180661598,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347174667312,"flow_src_last_pkt_time":1499347180662294,"flow_dst_last_pkt_time":1499347180661598,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347177248253,"flow_src_last_pkt_time":1499347182663358,"flow_dst_last_pkt_time":1499347182662642,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347177248253,"flow_src_last_pkt_time":1499347182663358,"flow_dst_last_pkt_time":1499347182662642,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347177248253,"flow_src_last_pkt_time":1499347182663358,"flow_dst_last_pkt_time":1499347182662642,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347178540348,"flow_src_last_pkt_time":1499347183663526,"flow_dst_last_pkt_time":1499347183662789,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347178540348,"flow_src_last_pkt_time":1499347183663526,"flow_dst_last_pkt_time":1499347183662789,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347178540348,"flow_src_last_pkt_time":1499347183663526,"flow_dst_last_pkt_time":1499347183662789,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347303701906,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347304125801,"flow_src_last_pkt_time":1499347304125801,"flow_dst_last_pkt_time":1499347304125801,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347304125801,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1499347304125801,"flow_dst_last_pkt_time":1499347304125801,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347304125801,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hKxAAD4GQSSsEAABwKgKMtnWAFBzErTWAAAAAKACchArQAAAAgQFtAQCCAoBOjB6AAAAAAEDAwc="}
@@ -1062,15 +1062,15 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_src_last_pkt_time":1499347313106006,"flow_dst_last_pkt_time":1499347313106006,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347313106006,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80LNAAD4G9RysEAABwKgKMto0AFBr7OnzAAAAAKACchD0JAAAAgQFtAQCCAoBOjlAAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_src_last_pkt_time":1499347313106006,"flow_dst_last_pkt_time":1499347313106166,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347313106166,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2jRgNfxEa+zp9KAScSCJ7wAAAgQFtAQCCAoD5Aq2ATo5QAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2877,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_src_last_pkt_time":1499347313106881,"flow_dst_last_pkt_time":1499347313106166,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347313106881,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00LRAAD4G9SOsEAABwKgKMto0AFBr7On0YDX8RYAQAOUo9wAAAQEICgE6OUAD5Aq2"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347181178834,"flow_src_last_pkt_time":1499347186665012,"flow_dst_last_pkt_time":1499347186664247,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347181178834,"flow_src_last_pkt_time":1499347186665012,"flow_dst_last_pkt_time":1499347186664247,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347181178834,"flow_src_last_pkt_time":1499347186665012,"flow_dst_last_pkt_time":1499347186664247,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347182435600,"flow_src_last_pkt_time":1499347187664811,"flow_dst_last_pkt_time":1499347187664212,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347182435600,"flow_src_last_pkt_time":1499347187664811,"flow_dst_last_pkt_time":1499347187664212,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347182435600,"flow_src_last_pkt_time":1499347187664811,"flow_dst_last_pkt_time":1499347187664212,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347183714891,"flow_src_last_pkt_time":1499347189665524,"flow_dst_last_pkt_time":1499347189664828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347183714891,"flow_src_last_pkt_time":1499347189665524,"flow_dst_last_pkt_time":1499347189664828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347183714891,"flow_src_last_pkt_time":1499347189665524,"flow_dst_last_pkt_time":1499347189664828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347186286838,"flow_src_last_pkt_time":1499347191666020,"flow_dst_last_pkt_time":1499347191665477,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347186286838,"flow_src_last_pkt_time":1499347191666020,"flow_dst_last_pkt_time":1499347191665477,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347186286838,"flow_src_last_pkt_time":1499347191666020,"flow_dst_last_pkt_time":1499347191665477,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347187548972,"flow_src_last_pkt_time":1499347192666944,"flow_dst_last_pkt_time":1499347192666172,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347187548972,"flow_src_last_pkt_time":1499347192666944,"flow_dst_last_pkt_time":1499347192666172,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347187548972,"flow_src_last_pkt_time":1499347192666944,"flow_dst_last_pkt_time":1499347192666172,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347313110819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347314358143,"flow_src_last_pkt_time":1499347314358143,"flow_dst_last_pkt_time":1499347314358143,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347314358143,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_src_last_pkt_time":1499347314358143,"flow_dst_last_pkt_time":1499347314358143,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347314358143,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wpZAAD4GAzqsEAABwKgKMtpCAFAntfjvAAAAAKACchAoGQAAAgQFtAQCCAoBOjp5AAAAAAEDAwc="}
@@ -1096,19 +1096,19 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_src_last_pkt_time":1499347323234546,"flow_dst_last_pkt_time":1499347323234546,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347323234546,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CttAAD4GuvWsEAABwKgKMtqgAFDxkUn\/AAAAAKACchAEJAAAAgQFtAQCCAoBOkMkAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_src_last_pkt_time":1499347323234546,"flow_dst_last_pkt_time":1499347323234700,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347323234700,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2qDnEfYn8ZFKAKAScSAPSwAAAgQFtAQCCAoD5BSaATpDJAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2958,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":3,"flow_src_last_pkt_time":1499347323235435,"flow_dst_last_pkt_time":1499347323234700,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347323235435,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CtxAAD4GuvysEAABwKgKMtqgAFDxkUoA5xH2KIAQAOWuUgAAAQEICgE6QyQD5BSa"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347188799750,"flow_src_last_pkt_time":1499347194667665,"flow_dst_last_pkt_time":1499347194666932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347188799750,"flow_src_last_pkt_time":1499347194667665,"flow_dst_last_pkt_time":1499347194666932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347188799750,"flow_src_last_pkt_time":1499347194667665,"flow_dst_last_pkt_time":1499347194666932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347190051246,"flow_src_last_pkt_time":1499347195667542,"flow_dst_last_pkt_time":1499347195666981,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347190051246,"flow_src_last_pkt_time":1499347195667542,"flow_dst_last_pkt_time":1499347195666981,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347190051246,"flow_src_last_pkt_time":1499347195667542,"flow_dst_last_pkt_time":1499347195666981,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347191299775,"flow_src_last_pkt_time":1499347196667988,"flow_dst_last_pkt_time":1499347196667233,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347191299775,"flow_src_last_pkt_time":1499347196667988,"flow_dst_last_pkt_time":1499347196667233,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347191299775,"flow_src_last_pkt_time":1499347196667988,"flow_dst_last_pkt_time":1499347196667233,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347192547043,"flow_src_last_pkt_time":1499347197669265,"flow_dst_last_pkt_time":1499347197668531,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347192547043,"flow_src_last_pkt_time":1499347197669265,"flow_dst_last_pkt_time":1499347197668531,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347192547043,"flow_src_last_pkt_time":1499347197669265,"flow_dst_last_pkt_time":1499347197668531,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347195099621,"flow_src_last_pkt_time":1499347200670049,"flow_dst_last_pkt_time":1499347200669309,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347195099621,"flow_src_last_pkt_time":1499347200670049,"flow_dst_last_pkt_time":1499347200669309,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347195099621,"flow_src_last_pkt_time":1499347200670049,"flow_dst_last_pkt_time":1499347200669309,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347196341596,"flow_src_last_pkt_time":1499347201670504,"flow_dst_last_pkt_time":1499347201669959,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347196341596,"flow_src_last_pkt_time":1499347201670504,"flow_dst_last_pkt_time":1499347201669959,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347196341596,"flow_src_last_pkt_time":1499347201670504,"flow_dst_last_pkt_time":1499347201669959,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347197627967,"flow_src_last_pkt_time":1499347202671105,"flow_dst_last_pkt_time":1499347202670342,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347197627967,"flow_src_last_pkt_time":1499347202671105,"flow_dst_last_pkt_time":1499347202670342,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347197627967,"flow_src_last_pkt_time":1499347202671105,"flow_dst_last_pkt_time":1499347202670342,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347323705629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347324538428,"flow_src_last_pkt_time":1499347324538428,"flow_dst_last_pkt_time":1499347324538428,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347324538428,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_src_last_pkt_time":1499347324538428,"flow_dst_last_pkt_time":1499347324538428,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347324538428,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uCpAAD4GDaasEAABwKgKMtquAFARp\/xAAAAAAKACchAweQAAAgQFtAQCCAoBOkRqAAAAAAEDAwc="}
@@ -1134,17 +1134,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_src_last_pkt_time":1499347333419946,"flow_dst_last_pkt_time":1499347333419946,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347333419946,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bENAAD4GWY2sEAABwKgKMtsMAFCNWiFVAAAAAKACchCGpwAAAgQFtAQCCAoBOk0WAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3041,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":2,"flow_src_last_pkt_time":1499347333419946,"flow_dst_last_pkt_time":1499347333420039,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347333420039,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2wzHhupcjVohVqAScSCzMgAAAgQFtAQCCAoD5B6MATpNFgEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":3,"flow_src_last_pkt_time":1499347333420829,"flow_dst_last_pkt_time":1499347333420039,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347333420829,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bERAAD4GWZSsEAABwKgKMtsMAFCNWiFWx4bqXYAQAOVSOgAAAQEICgE6TRYD5B6M"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347200170946,"flow_src_last_pkt_time":1499347205672351,"flow_dst_last_pkt_time":1499347205671601,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347200170946,"flow_src_last_pkt_time":1499347205672351,"flow_dst_last_pkt_time":1499347205671601,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347200170946,"flow_src_last_pkt_time":1499347205672351,"flow_dst_last_pkt_time":1499347205671601,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347201471316,"flow_src_last_pkt_time":1499347206672011,"flow_dst_last_pkt_time":1499347206671231,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347201471316,"flow_src_last_pkt_time":1499347206672011,"flow_dst_last_pkt_time":1499347206671231,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347201471316,"flow_src_last_pkt_time":1499347206672011,"flow_dst_last_pkt_time":1499347206671231,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347202722084,"flow_src_last_pkt_time":1499347208672448,"flow_dst_last_pkt_time":1499347208671653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347202722084,"flow_src_last_pkt_time":1499347208672448,"flow_dst_last_pkt_time":1499347208671653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347202722084,"flow_src_last_pkt_time":1499347208672448,"flow_dst_last_pkt_time":1499347208671653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347205214121,"flow_src_last_pkt_time":1499347210673115,"flow_dst_last_pkt_time":1499347210672337,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347205214121,"flow_src_last_pkt_time":1499347210673115,"flow_dst_last_pkt_time":1499347210672337,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347205214121,"flow_src_last_pkt_time":1499347210673115,"flow_dst_last_pkt_time":1499347210672337,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347206497401,"flow_src_last_pkt_time":1499347211674094,"flow_dst_last_pkt_time":1499347211673389,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347206497401,"flow_src_last_pkt_time":1499347211674094,"flow_dst_last_pkt_time":1499347211673389,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347206497401,"flow_src_last_pkt_time":1499347211674094,"flow_dst_last_pkt_time":1499347211673389,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347207764522,"flow_src_last_pkt_time":1499347213674658,"flow_dst_last_pkt_time":1499347213674089,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347207764522,"flow_src_last_pkt_time":1499347213674658,"flow_dst_last_pkt_time":1499347213674089,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347207764522,"flow_src_last_pkt_time":1499347213674658,"flow_dst_last_pkt_time":1499347213674089,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347333709262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347334667316,"flow_src_last_pkt_time":1499347334667316,"flow_dst_last_pkt_time":1499347334667316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347334667316,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_src_last_pkt_time":1499347334667316,"flow_dst_last_pkt_time":1499347334667316,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347334667316,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ruhAAD4GFuisEAABwKgKMtsaAFCxtOCmAAAAAKACchChtQAAAgQFtAQCCAoBOk5OAAAAAAEDAwc="}
@@ -1174,15 +1174,15 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_src_last_pkt_time":1499347343672802,"flow_dst_last_pkt_time":1499347343672802,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347343672802,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83PZAAD4G6NmsEAABwKgKMtt6AFBC4YvvAAAAAKACchBcFQAAAgQFtAQCCAoBOlcZAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_src_last_pkt_time":1499347343672802,"flow_dst_last_pkt_time":1499347343672949,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347343672949,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ23pctqnYQuGL8KAScSAp8gAAAgQFtAQCCAoD5CiPATpXGQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":3,"flow_src_last_pkt_time":1499347343673650,"flow_dst_last_pkt_time":1499347343672949,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347343673650,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03PdAAD4G6OCsEAABwKgKMtt6AFBC4YvwXLap2YAQAOXI+AAAAQEICgE6VxoD5CiP"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347210270105,"flow_src_last_pkt_time":1499347215675564,"flow_dst_last_pkt_time":1499347215675010,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347210270105,"flow_src_last_pkt_time":1499347215675564,"flow_dst_last_pkt_time":1499347215675010,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347210270105,"flow_src_last_pkt_time":1499347215675564,"flow_dst_last_pkt_time":1499347215675010,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347211522672,"flow_src_last_pkt_time":1499347216676934,"flow_dst_last_pkt_time":1499347216676205,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347211522672,"flow_src_last_pkt_time":1499347216676934,"flow_dst_last_pkt_time":1499347216676205,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347211522672,"flow_src_last_pkt_time":1499347216676934,"flow_dst_last_pkt_time":1499347216676205,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347214088992,"flow_src_last_pkt_time":1499347219676370,"flow_dst_last_pkt_time":1499347219675610,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347214088992,"flow_src_last_pkt_time":1499347219676370,"flow_dst_last_pkt_time":1499347219675610,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347214088992,"flow_src_last_pkt_time":1499347219676370,"flow_dst_last_pkt_time":1499347219675610,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347215361542,"flow_src_last_pkt_time":1499347220676152,"flow_dst_last_pkt_time":1499347220675602,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347215361542,"flow_src_last_pkt_time":1499347220676152,"flow_dst_last_pkt_time":1499347220675602,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347215361542,"flow_src_last_pkt_time":1499347220676152,"flow_dst_last_pkt_time":1499347220675602,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347216659724,"flow_src_last_pkt_time":1499347221677281,"flow_dst_last_pkt_time":1499347221676668,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347216659724,"flow_src_last_pkt_time":1499347221677281,"flow_dst_last_pkt_time":1499347221676668,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347216659724,"flow_src_last_pkt_time":1499347221677281,"flow_dst_last_pkt_time":1499347221676668,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347343711818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347346211046,"flow_src_last_pkt_time":1499347346211046,"flow_dst_last_pkt_time":1499347346211046,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347346211046,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_src_last_pkt_time":1499347346211046,"flow_dst_last_pkt_time":1499347346211046,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347346211046,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZYhAAD4GYEisEAABwKgKMtuUAFCjBDwcAAAAAKACchBJMAAAAgQFtAQCCAoBOlmUAAAAAAEDAwc="}
@@ -1204,17 +1204,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_src_last_pkt_time":1499347352698990,"flow_dst_last_pkt_time":1499347352698990,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347352698990,"pkt":"ABm5CmnxAMGxFOsxCABFAAA894dAAD4GzkisEAABwKgKMtvYAFB9d6htAAAAAKACchD70QAAAgQFtAQCCAoBOl\/qAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3203,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_src_last_pkt_time":1499347352698990,"flow_dst_last_pkt_time":1499347352699146,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347352699146,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ29gsQT\/ffXeobqAScSBbTAAAAgQFtAQCCAoD5DFgATpf6gEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_src_last_pkt_time":1499347352699665,"flow_dst_last_pkt_time":1499347352699146,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347352699665,"pkt":"ABm5CmnxAMGxFOsxCABFAAA094hAAD4Gzk+sEAABwKgKMtvYAFB9d6huLEE\/4IAQAOX6UwAAAQEICgE6X+oD5DFg"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347219208358,"flow_src_last_pkt_time":1499347224678056,"flow_dst_last_pkt_time":1499347224677345,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347219208358,"flow_src_last_pkt_time":1499347224678056,"flow_dst_last_pkt_time":1499347224677345,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347219208358,"flow_src_last_pkt_time":1499347224678056,"flow_dst_last_pkt_time":1499347224677345,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347220447373,"flow_src_last_pkt_time":1499347225677535,"flow_dst_last_pkt_time":1499347225676984,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347220447373,"flow_src_last_pkt_time":1499347225677535,"flow_dst_last_pkt_time":1499347225676984,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347220447373,"flow_src_last_pkt_time":1499347225677535,"flow_dst_last_pkt_time":1499347225676984,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347221694992,"flow_src_last_pkt_time":1499347227677963,"flow_dst_last_pkt_time":1499347227677420,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347221694992,"flow_src_last_pkt_time":1499347227677963,"flow_dst_last_pkt_time":1499347227677420,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347221694992,"flow_src_last_pkt_time":1499347227677963,"flow_dst_last_pkt_time":1499347227677420,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347224338550,"flow_src_last_pkt_time":1499347229678983,"flow_dst_last_pkt_time":1499347229678445,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347224338550,"flow_src_last_pkt_time":1499347229678983,"flow_dst_last_pkt_time":1499347229678445,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347224338550,"flow_src_last_pkt_time":1499347229678983,"flow_dst_last_pkt_time":1499347229678445,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347225590247,"flow_src_last_pkt_time":1499347230679597,"flow_dst_last_pkt_time":1499347230678898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347225590247,"flow_src_last_pkt_time":1499347230679597,"flow_dst_last_pkt_time":1499347230678898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347225590247,"flow_src_last_pkt_time":1499347230679597,"flow_dst_last_pkt_time":1499347230678898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-01137{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347163177633,"flow_src_last_pkt_time":1499347230695898,"flow_dst_last_pkt_time":1499347230695923,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183673,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01291{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347163177633,"flow_src_last_pkt_time":1499347230695898,"flow_dst_last_pkt_time":1499347230695923,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183673,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347355229572,"flow_src_last_pkt_time":1499347355229572,"flow_dst_last_pkt_time":1499347355229572,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347355229572,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_src_last_pkt_time":1499347355229572,"flow_dst_last_pkt_time":1499347355229572,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347355229572,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GHxAAD4GrVSsEAABwKgKMtvyAFB7gnofAAAAAKACchApggAAAgQFtAQCCAoBOmJjAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_src_last_pkt_time":1499347355229572,"flow_dst_last_pkt_time":1499347355229696,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347355229696,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2\/L7jmGSe4J6IKAScSCVgwAAAgQFtAQCCAoD5DPYATpiYwEDAwc="}
@@ -1227,7 +1227,7 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_src_last_pkt_time":1499347357727928,"flow_dst_last_pkt_time":1499347357727928,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347357727928,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p9BAAD4GHgCsEAABwKgKMtwOAFCyy8MDAAAAAKACchCmyAAAAgQFtAQCCAoBOmTTAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3248,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_src_last_pkt_time":1499347357727928,"flow_dst_last_pkt_time":1499347357727995,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347357727995,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3A4qYd\/GssvDBKAScSBjUgAAAgQFtAQCCAoD5DZJATpk0wEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":3,"flow_src_last_pkt_time":1499347357728738,"flow_dst_last_pkt_time":1499347357727995,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347357728738,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p9FAAD4GHgesEAABwKgKMtwOAFCyy8MEKmHfx4AQAOUCWgAAAQEICgE6ZNMD5DZJ"}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347355229572,"flow_src_last_pkt_time":1499347360034968,"flow_dst_last_pkt_time":1499347355229696,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347360034968,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347355229572,"flow_src_last_pkt_time":1499347360034968,"flow_dst_last_pkt_time":1499347355229696,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347360034968,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347360285446,"flow_src_last_pkt_time":1499347360285446,"flow_dst_last_pkt_time":1499347360285446,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347360285446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_src_last_pkt_time":1499347360285446,"flow_dst_last_pkt_time":1499347360285446,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347360285446,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8h\/1AAD4GPdOsEAABwKgKMtwoAFB3hOCvAAAAAKACchDBygAAAgQFtAQCCAoBOmdSAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_src_last_pkt_time":1499347360285446,"flow_dst_last_pkt_time":1499347360285542,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347360285542,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Ci3TdMGd4TgsKAScSD7qAAAAgQFtAQCCAoD5DjIATpnUgEDAwc="}
@@ -1240,19 +1240,19 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3298,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_src_last_pkt_time":1499347364056755,"flow_dst_last_pkt_time":1499347364056755,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347364056755,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+jlAAD4Gy5asEAABwKgKMtxQAFCMb5E4AAAAAKACchD4fwAAAgQFtAQCCAoBOmsBAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_src_last_pkt_time":1499347364056755,"flow_dst_last_pkt_time":1499347364056881,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347364056881,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3FBchRpEjG+ROaAScSBCOgAAAgQFtAQCCAoD5Dx3ATprAQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3300,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_src_last_pkt_time":1499347364057638,"flow_dst_last_pkt_time":1499347364056881,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347364057638,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+jpAAD4Gy52sEAABwKgKMtxQAFCMb5E5XIUaRYAQAOXhQAAAAQEICgE6awID5Dx3"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347229416931,"flow_src_last_pkt_time":1499347234681066,"flow_dst_last_pkt_time":1499347234680363,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347229416931,"flow_src_last_pkt_time":1499347234681066,"flow_dst_last_pkt_time":1499347234680363,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347229416931,"flow_src_last_pkt_time":1499347234681066,"flow_dst_last_pkt_time":1499347234680363,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347230690806,"flow_src_last_pkt_time":1499347236682228,"flow_dst_last_pkt_time":1499347236681485,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347230690806,"flow_src_last_pkt_time":1499347236682228,"flow_dst_last_pkt_time":1499347236681485,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347230690806,"flow_src_last_pkt_time":1499347236682228,"flow_dst_last_pkt_time":1499347236681485,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347233219454,"flow_src_last_pkt_time":1499347238682299,"flow_dst_last_pkt_time":1499347238681730,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347233219454,"flow_src_last_pkt_time":1499347238682299,"flow_dst_last_pkt_time":1499347238681730,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347233219454,"flow_src_last_pkt_time":1499347238682299,"flow_dst_last_pkt_time":1499347238681730,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347234469555,"flow_src_last_pkt_time":1499347239682509,"flow_dst_last_pkt_time":1499347239681844,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347234469555,"flow_src_last_pkt_time":1499347239682509,"flow_dst_last_pkt_time":1499347239681844,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347234469555,"flow_src_last_pkt_time":1499347239682509,"flow_dst_last_pkt_time":1499347239681844,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347235716450,"flow_src_last_pkt_time":1499347241682595,"flow_dst_last_pkt_time":1499347241682043,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347235716450,"flow_src_last_pkt_time":1499347241682595,"flow_dst_last_pkt_time":1499347241682043,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347235716450,"flow_src_last_pkt_time":1499347241682595,"flow_dst_last_pkt_time":1499347241682043,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347238260432,"flow_src_last_pkt_time":1499347243683907,"flow_dst_last_pkt_time":1499347243683316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347238260432,"flow_src_last_pkt_time":1499347243683907,"flow_dst_last_pkt_time":1499347243683316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347238260432,"flow_src_last_pkt_time":1499347243683907,"flow_dst_last_pkt_time":1499347243683316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347364061294,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-02288{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3305,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1499347355229572,"flow_src_last_pkt_time":1499347365069246,"flow_dst_last_pkt_time":1499347365072209,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4255,"flow_dst_tot_l4_payload_len":16323,"midstream":0,"thread_ts_usec":1499347365072209,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":49,"avg":634913.3,"max":4805402,"stddev":1169757.4,"var":1368332173312.0,"ent":3.4,"data": [124,694,4804702,4805402,3052,3844,248597,252202,3707,1022416,1026219,3805,225184,229157,49,3959,1026815,1030902,4151,232536,236200,80,3611,1006031,1010739,4812,233237,236850,3621,1007952,1011661]},"pktlen": {"min":52,"avg":695.6,"max":1920,"stddev":708.0,"var":501313.9,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1920,52,435,1822,52,637,1500,472,52,435,1822,52,637,1500,472,52,435,1822,52,637,1920,52,435,1822]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,7]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,0,1],"entropies": [4.605007172,5.106241703,4.969672203,5.887770653,4.931210041,7.737622738,4.900255680,6.023592472,7.759787560,4.945419312,5.879158020,7.735323429,4.945419312,6.020521164,7.675088406,7.536506176,4.770353794,5.889800072,7.738374233,5.022342682,6.041303158,7.670452118,7.573883533,4.983880997,5.897212029,7.740057945,4.983880997,6.042107105,7.747768879,4.945419312,5.886207581,7.738952160]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02442{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3305,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1499347355229572,"flow_src_last_pkt_time":1499347365069246,"flow_dst_last_pkt_time":1499347365072209,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4255,"flow_dst_tot_l4_payload_len":16323,"midstream":0,"thread_ts_usec":1499347365072209,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":49,"avg":634913.3,"max":4805402,"stddev":1169757.4,"var":1368332173312.0,"ent":3.4,"data": [124,694,4804702,4805402,3052,3844,248597,252202,3707,1022416,1026219,3805,225184,229157,49,3959,1026815,1030902,4151,232536,236200,80,3611,1006031,1010739,4812,233237,236850,3621,1007952,1011661]},"pktlen": {"min":52,"avg":695.6,"max":1920,"stddev":708.0,"var":501313.9,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1920,52,435,1822,52,637,1500,472,52,435,1822,52,637,1500,472,52,435,1822,52,637,1920,52,435,1822]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,7]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,0,1],"entropies": [4.605007172,5.106241703,4.969672203,5.887770653,4.931210041,7.737622738,4.900255680,6.023592472,7.759787560,4.945419312,5.879158020,7.735323429,4.945419312,6.020521164,7.675088406,7.536506176,4.770353794,5.889800072,7.738374233,5.022342682,6.041303158,7.670452118,7.573883533,4.983880997,5.897212029,7.740057945,4.983880997,6.042107105,7.747768879,4.945419312,5.886207581,7.738952160]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347365320773,"flow_src_last_pkt_time":1499347365320773,"flow_dst_last_pkt_time":1499347365320773,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347365320773,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_src_last_pkt_time":1499347365320773,"flow_dst_last_pkt_time":1499347365320773,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347365320773,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CZFAAD4GvD+sEAABwKgKMtxeAFCYJmWsAAAAAKACchAXCwAAAgQFtAQCCAoBOmw9AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_src_last_pkt_time":1499347365320773,"flow_dst_last_pkt_time":1499347365320933,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347365320933,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3F6n4QiemCZlraAScSAl0wAAAgQFtAQCCAoD5D2zATpsPQEDAwc="}
@@ -1277,19 +1277,19 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_src_last_pkt_time":1499347374136369,"flow_dst_last_pkt_time":1499347374136369,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347374136369,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DktAAD4Gt4WsEAABwKgKMty8AFAnfHqSAAAAAKACchBp1QAAAgQFtAQCCAoBOnTZAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":2,"flow_src_last_pkt_time":1499347374136369,"flow_dst_last_pkt_time":1499347374136472,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347374136472,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3LxHeFJ\/J3x6k6AScSCGiQAAAgQFtAQCCAoD5EZPATp02QEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3381,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":3,"flow_src_last_pkt_time":1499347374137270,"flow_dst_last_pkt_time":1499347374136472,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347374137270,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DkxAAD4Gt4ysEAABwKgKMty8AFAnfHqTR3hSgIAQAOUlkAAAAQEICgE6dNoD5EZP"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347239517421,"flow_src_last_pkt_time":1499347244683776,"flow_dst_last_pkt_time":1499347244683027,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347239517421,"flow_src_last_pkt_time":1499347244683776,"flow_dst_last_pkt_time":1499347244683027,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347239517421,"flow_src_last_pkt_time":1499347244683776,"flow_dst_last_pkt_time":1499347244683027,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347240786524,"flow_src_last_pkt_time":1499347246684535,"flow_dst_last_pkt_time":1499347246683972,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347240786524,"flow_src_last_pkt_time":1499347246684535,"flow_dst_last_pkt_time":1499347246683972,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347240786524,"flow_src_last_pkt_time":1499347246684535,"flow_dst_last_pkt_time":1499347246683972,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347243333607,"flow_src_last_pkt_time":1499347248684497,"flow_dst_last_pkt_time":1499347248683941,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347243333607,"flow_src_last_pkt_time":1499347248684497,"flow_dst_last_pkt_time":1499347248683941,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347243333607,"flow_src_last_pkt_time":1499347248684497,"flow_dst_last_pkt_time":1499347248683941,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347244580438,"flow_src_last_pkt_time":1499347249685220,"flow_dst_last_pkt_time":1499347249684434,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347244580438,"flow_src_last_pkt_time":1499347249685220,"flow_dst_last_pkt_time":1499347249684434,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347244580438,"flow_src_last_pkt_time":1499347249685220,"flow_dst_last_pkt_time":1499347249684434,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347247114373,"flow_src_last_pkt_time":1499347252685993,"flow_dst_last_pkt_time":1499347252685442,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347247114373,"flow_src_last_pkt_time":1499347252685993,"flow_dst_last_pkt_time":1499347252685442,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347247114373,"flow_src_last_pkt_time":1499347252685993,"flow_dst_last_pkt_time":1499347252685442,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347248373777,"flow_src_last_pkt_time":1499347253687281,"flow_dst_last_pkt_time":1499347253686503,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347248373777,"flow_src_last_pkt_time":1499347253687281,"flow_dst_last_pkt_time":1499347253686503,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347248373777,"flow_src_last_pkt_time":1499347253687281,"flow_dst_last_pkt_time":1499347253686503,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347249651918,"flow_src_last_pkt_time":1499347254687501,"flow_dst_last_pkt_time":1499347254686787,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347249651918,"flow_src_last_pkt_time":1499347254687501,"flow_dst_last_pkt_time":1499347254686787,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347249651918,"flow_src_last_pkt_time":1499347254687501,"flow_dst_last_pkt_time":1499347254686787,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347374718827,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347375388370,"flow_src_last_pkt_time":1499347375388370,"flow_dst_last_pkt_time":1499347375388370,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347375388370,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_src_last_pkt_time":1499347375388370,"flow_dst_last_pkt_time":1499347375388370,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347375388370,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VfhAAD4Gb9isEAABwKgKMtzKAFDNpCPqAAAAAKACchAZDgAAAgQFtAQCCAoBOnYSAAAAAAEDAwc="}
@@ -1315,15 +1315,15 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_src_last_pkt_time":1499347384186315,"flow_dst_last_pkt_time":1499347384186315,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347384186315,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bHdAAD4GWVmsEAABwKgKMt0oAFALKxLdAAAAAKACchDjngAAAgQFtAQCCAoBOn6qAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3465,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_src_last_pkt_time":1499347384186315,"flow_dst_last_pkt_time":1499347384186470,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347384186470,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Sg6aAAMCysS3qAScSBWBQAAAgQFtAQCCAoD5FAgATp+qgEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_src_last_pkt_time":1499347384187181,"flow_dst_last_pkt_time":1499347384186470,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347384187181,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bHhAAD4GWWCsEAABwKgKMt0oAFALKxLeOmgADYAQAOX1DAAAAQEICgE6fqoD5FAg"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347252179696,"flow_src_last_pkt_time":1499347257688237,"flow_dst_last_pkt_time":1499347257687687,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347252179696,"flow_src_last_pkt_time":1499347257688237,"flow_dst_last_pkt_time":1499347257687687,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347252179696,"flow_src_last_pkt_time":1499347257688237,"flow_dst_last_pkt_time":1499347257687687,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347253445070,"flow_src_last_pkt_time":1499347258688724,"flow_dst_last_pkt_time":1499347258688174,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347253445070,"flow_src_last_pkt_time":1499347258688724,"flow_dst_last_pkt_time":1499347258688174,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347253445070,"flow_src_last_pkt_time":1499347258688724,"flow_dst_last_pkt_time":1499347258688174,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347254714412,"flow_src_last_pkt_time":1499347260689680,"flow_dst_last_pkt_time":1499347260688932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347254714412,"flow_src_last_pkt_time":1499347260689680,"flow_dst_last_pkt_time":1499347260688932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347254714412,"flow_src_last_pkt_time":1499347260689680,"flow_dst_last_pkt_time":1499347260688932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347257224854,"flow_src_last_pkt_time":1499347262689407,"flow_dst_last_pkt_time":1499347262688825,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347257224854,"flow_src_last_pkt_time":1499347262689407,"flow_dst_last_pkt_time":1499347262688825,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347257224854,"flow_src_last_pkt_time":1499347262689407,"flow_dst_last_pkt_time":1499347262688825,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347258474053,"flow_src_last_pkt_time":1499347263689920,"flow_dst_last_pkt_time":1499347263689147,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347258474053,"flow_src_last_pkt_time":1499347263689920,"flow_dst_last_pkt_time":1499347263689147,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347258474053,"flow_src_last_pkt_time":1499347263689920,"flow_dst_last_pkt_time":1499347263689147,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347384721977,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347385481030,"flow_src_last_pkt_time":1499347385481030,"flow_dst_last_pkt_time":1499347385481030,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347385481030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_src_last_pkt_time":1499347385481030,"flow_dst_last_pkt_time":1499347385481030,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347385481030,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VSxAAD4GcKSsEAABwKgKMt02AFBQ3SrBAAAAAKACchCEtwAAAgQFtAQCCAoBOn\/tAAAAAAEDAwc="}
@@ -1349,19 +1349,19 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_src_last_pkt_time":1499347394398432,"flow_dst_last_pkt_time":1499347394398432,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347394398432,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eldAAD4GS3msEAABwKgKMt2UAFCjvfL0AAAAAKACchBgjwAAAgQFtAQCCAoBOoijAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_src_last_pkt_time":1499347394398432,"flow_dst_last_pkt_time":1499347394398557,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347394398557,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ZQ04Dogo73y9aAScSCUcAAAAgQFtAQCCAoD5FoZATqIowEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":3,"flow_src_last_pkt_time":1499347394399310,"flow_dst_last_pkt_time":1499347394398557,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347394399310,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0elhAAD4GS4CsEAABwKgKMt2UAFCjvfL1NOA6IYAQAOUzeAAAAQEICgE6iKMD5FoZ"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347259759681,"flow_src_last_pkt_time":1499347265691364,"flow_dst_last_pkt_time":1499347265690626,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347259759681,"flow_src_last_pkt_time":1499347265691364,"flow_dst_last_pkt_time":1499347265690626,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347259759681,"flow_src_last_pkt_time":1499347265691364,"flow_dst_last_pkt_time":1499347265690626,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347262289310,"flow_src_last_pkt_time":1499347267691805,"flow_dst_last_pkt_time":1499347267691060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347262289310,"flow_src_last_pkt_time":1499347267691805,"flow_dst_last_pkt_time":1499347267691060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347262289310,"flow_src_last_pkt_time":1499347267691805,"flow_dst_last_pkt_time":1499347267691060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347263542761,"flow_src_last_pkt_time":1499347268692451,"flow_dst_last_pkt_time":1499347268691724,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347263542761,"flow_src_last_pkt_time":1499347268692451,"flow_dst_last_pkt_time":1499347268691724,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347263542761,"flow_src_last_pkt_time":1499347268692451,"flow_dst_last_pkt_time":1499347268691724,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347264804951,"flow_src_last_pkt_time":1499347270693067,"flow_dst_last_pkt_time":1499347270692290,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347264804951,"flow_src_last_pkt_time":1499347270693067,"flow_dst_last_pkt_time":1499347270692290,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347264804951,"flow_src_last_pkt_time":1499347270693067,"flow_dst_last_pkt_time":1499347270692290,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347266097966,"flow_src_last_pkt_time":1499347271692717,"flow_dst_last_pkt_time":1499347271692113,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347266097966,"flow_src_last_pkt_time":1499347271692717,"flow_dst_last_pkt_time":1499347271692113,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347266097966,"flow_src_last_pkt_time":1499347271692717,"flow_dst_last_pkt_time":1499347271692113,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347267376627,"flow_src_last_pkt_time":1499347272693887,"flow_dst_last_pkt_time":1499347272693155,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347267376627,"flow_src_last_pkt_time":1499347272693887,"flow_dst_last_pkt_time":1499347272693155,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347267376627,"flow_src_last_pkt_time":1499347272693887,"flow_dst_last_pkt_time":1499347272693155,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347268659064,"flow_src_last_pkt_time":1499347273693548,"flow_dst_last_pkt_time":1499347273693001,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347268659064,"flow_src_last_pkt_time":1499347273693548,"flow_dst_last_pkt_time":1499347273693001,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347268659064,"flow_src_last_pkt_time":1499347273693548,"flow_dst_last_pkt_time":1499347273693001,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347394723279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347395736207,"flow_src_last_pkt_time":1499347395736207,"flow_dst_last_pkt_time":1499347395736207,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347395736207,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_src_last_pkt_time":1499347395736207,"flow_dst_last_pkt_time":1499347395736207,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347395736207,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86QJAAD4G3M2sEAABwKgKMt2iAFAP0mDzAAAAAKACchCFIAAAAgQFtAQCCAoBOonxAAAAAAEDAwc="}
@@ -1387,15 +1387,15 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_src_last_pkt_time":1499347404575323,"flow_dst_last_pkt_time":1499347404575323,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347404575323,"pkt":"ABm5CmnxAMGxFOsxCABFAAA871lAAD4G1nasEAABwKgKMt4AAFBz\/X3KAAAAAKACchD7HQAAAgQFtAQCCAoBOpKTAAAAAAEDAwc="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3639,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_src_last_pkt_time":1499347404575323,"flow_dst_last_pkt_time":1499347404575446,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347404575446,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3gCf5c\/zc\/19y6AScSAkNgAAAgQFtAQCCAoD5GQJATqSkwEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3641,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":3,"flow_src_last_pkt_time":1499347404576193,"flow_dst_last_pkt_time":1499347404575446,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347404576193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071pAAD4G1n2sEAABwKgKMt4AAFBz\/X3Ln+XP9IAQAOXDPQAAAQEICgE6kpMD5GQJ"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347271162915,"flow_src_last_pkt_time":1499347276694573,"flow_dst_last_pkt_time":1499347276693837,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347271162915,"flow_src_last_pkt_time":1499347276694573,"flow_dst_last_pkt_time":1499347276693837,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347271162915,"flow_src_last_pkt_time":1499347276694573,"flow_dst_last_pkt_time":1499347276693837,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347272469831,"flow_src_last_pkt_time":1499347277695163,"flow_dst_last_pkt_time":1499347277694464,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347272469831,"flow_src_last_pkt_time":1499347277695163,"flow_dst_last_pkt_time":1499347277694464,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347272469831,"flow_src_last_pkt_time":1499347277695163,"flow_dst_last_pkt_time":1499347277694464,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347273742540,"flow_src_last_pkt_time":1499347279695892,"flow_dst_last_pkt_time":1499347279695152,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347273742540,"flow_src_last_pkt_time":1499347279695892,"flow_dst_last_pkt_time":1499347279695152,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347273742540,"flow_src_last_pkt_time":1499347279695892,"flow_dst_last_pkt_time":1499347279695152,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347276278643,"flow_src_last_pkt_time":1499347281695939,"flow_dst_last_pkt_time":1499347281695198,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347276278643,"flow_src_last_pkt_time":1499347281695939,"flow_dst_last_pkt_time":1499347281695198,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347276278643,"flow_src_last_pkt_time":1499347281695939,"flow_dst_last_pkt_time":1499347281695198,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347277521080,"flow_src_last_pkt_time":1499347282696361,"flow_dst_last_pkt_time":1499347282695643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347277521080,"flow_src_last_pkt_time":1499347282696361,"flow_dst_last_pkt_time":1499347282695643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347277521080,"flow_src_last_pkt_time":1499347282696361,"flow_dst_last_pkt_time":1499347282695643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347404726147,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347407100505,"flow_src_last_pkt_time":1499347407100505,"flow_dst_last_pkt_time":1499347407100505,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347407100505,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_src_last_pkt_time":1499347407100505,"flow_dst_last_pkt_time":1499347407100505,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347407100505,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oV1AAD4GJHOsEAABwKgKMt4aAFCK7TRXAAAAAKACchArEAAAAgQFtAQCCAoBOpUKAAAAAAEDAwc="}
@@ -1421,17 +1421,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_src_last_pkt_time":1499347414709999,"flow_dst_last_pkt_time":1499347414709999,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347414709999,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LQhAAD4GmMisEAABwKgKMt5sAFBxqrFxAAAAAKACchC\/dwAAAgQFtAQCCAoBOpx5AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3724,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_src_last_pkt_time":1499347414709999,"flow_dst_last_pkt_time":1499347414710160,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347414710160,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3mzO8Ll1caqxcqAScSDGHAAAAgQFtAQCCAoD5G3vATqceQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3725,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":3,"flow_src_last_pkt_time":1499347414710690,"flow_dst_last_pkt_time":1499347414710160,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347414710690,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LQlAAD4GmM+sEAABwKgKMt5sAFBxqrFyzvC5doAQAOVlJAAAAQEICgE6nHkD5G3v"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347280049679,"flow_src_last_pkt_time":1499347285697369,"flow_dst_last_pkt_time":1499347285696634,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347280049679,"flow_src_last_pkt_time":1499347285697369,"flow_dst_last_pkt_time":1499347285696634,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347280049679,"flow_src_last_pkt_time":1499347285697369,"flow_dst_last_pkt_time":1499347285696634,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347281325238,"flow_src_last_pkt_time":1499347286697272,"flow_dst_last_pkt_time":1499347286696523,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347281325238,"flow_src_last_pkt_time":1499347286697272,"flow_dst_last_pkt_time":1499347286696523,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347281325238,"flow_src_last_pkt_time":1499347286697272,"flow_dst_last_pkt_time":1499347286696523,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347282573995,"flow_src_last_pkt_time":1499347287697349,"flow_dst_last_pkt_time":1499347287696611,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347282573995,"flow_src_last_pkt_time":1499347287697349,"flow_dst_last_pkt_time":1499347287696611,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347282573995,"flow_src_last_pkt_time":1499347287697349,"flow_dst_last_pkt_time":1499347287696611,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347285114428,"flow_src_last_pkt_time":1499347290698321,"flow_dst_last_pkt_time":1499347290697806,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347285114428,"flow_src_last_pkt_time":1499347290698321,"flow_dst_last_pkt_time":1499347290697806,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347285114428,"flow_src_last_pkt_time":1499347290698321,"flow_dst_last_pkt_time":1499347290697806,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347286403653,"flow_src_last_pkt_time":1499347291698667,"flow_dst_last_pkt_time":1499347291697899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347286403653,"flow_src_last_pkt_time":1499347291698667,"flow_dst_last_pkt_time":1499347291697899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347286403653,"flow_src_last_pkt_time":1499347291698667,"flow_dst_last_pkt_time":1499347291697899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347287659781,"flow_src_last_pkt_time":1499347292698683,"flow_dst_last_pkt_time":1499347292698142,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347287659781,"flow_src_last_pkt_time":1499347292698683,"flow_dst_last_pkt_time":1499347292698142,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347287659781,"flow_src_last_pkt_time":1499347292698683,"flow_dst_last_pkt_time":1499347292698142,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347414728569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347417243856,"flow_src_last_pkt_time":1499347417243856,"flow_dst_last_pkt_time":1499347417243856,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347417243856,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_src_last_pkt_time":1499347417243856,"flow_dst_last_pkt_time":1499347417243856,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347417243856,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82KJAAD4G7S2sEAABwKgKMt6GAFDK0UZQAAAAAKACchDO3gAAAgQFtAQCCAoBOp7yAAAAAAEDAwc="}
@@ -1457,17 +1457,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_src_last_pkt_time":1499347423604346,"flow_dst_last_pkt_time":1499347423604346,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347423604346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TspAAD4GdwasEAABwKgKMt7MAFD5I+viAAAAAKACchD0fQAAAgQFtAQCCAoBOqUoAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3802,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_src_last_pkt_time":1499347423604346,"flow_dst_last_pkt_time":1499347423604441,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347423604441,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3szh681K+SPr46AScSDLowAAAgQFtAQCCAoD5HaeATqlKAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":3,"flow_src_last_pkt_time":1499347423605217,"flow_dst_last_pkt_time":1499347423604441,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347423605217,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TstAAD4Gdw2sEAABwKgKMt7MAFD5I+vj4evNS4AQAOVqqgAAAQEICgE6pSkD5Hae"}
-01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347419786749,"flow_src_last_pkt_time":1499347423605771,"flow_dst_last_pkt_time":1499347419786875,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347423605771,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
-01041{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347228091325,"flow_src_last_pkt_time":1499347294990685,"flow_dst_last_pkt_time":1499347294990734,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183587,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347290163981,"flow_src_last_pkt_time":1499347295228581,"flow_dst_last_pkt_time":1499347295228111,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347419786749,"flow_src_last_pkt_time":1499347423605771,"flow_dst_last_pkt_time":1499347419786875,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347423605771,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01195{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347228091325,"flow_src_last_pkt_time":1499347294990685,"flow_dst_last_pkt_time":1499347294990734,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183587,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347290163981,"flow_src_last_pkt_time":1499347295228581,"flow_dst_last_pkt_time":1499347295228111,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347290163981,"flow_src_last_pkt_time":1499347295228581,"flow_dst_last_pkt_time":1499347295228111,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347292725420,"flow_src_last_pkt_time":1499347298700360,"flow_dst_last_pkt_time":1499347298699645,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347292725420,"flow_src_last_pkt_time":1499347298700360,"flow_dst_last_pkt_time":1499347298699645,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347292725420,"flow_src_last_pkt_time":1499347298700360,"flow_dst_last_pkt_time":1499347298699645,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347295224157,"flow_src_last_pkt_time":1499347300701001,"flow_dst_last_pkt_time":1499347300700234,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347295224157,"flow_src_last_pkt_time":1499347300701001,"flow_dst_last_pkt_time":1499347300700234,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347295224157,"flow_src_last_pkt_time":1499347300701001,"flow_dst_last_pkt_time":1499347300700234,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347296462136,"flow_src_last_pkt_time":1499347301701446,"flow_dst_last_pkt_time":1499347301700707,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347296462136,"flow_src_last_pkt_time":1499347301701446,"flow_dst_last_pkt_time":1499347301700707,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347296462136,"flow_src_last_pkt_time":1499347301701446,"flow_dst_last_pkt_time":1499347301700707,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347297732879,"flow_src_last_pkt_time":1499347303701906,"flow_dst_last_pkt_time":1499347303701163,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347297732879,"flow_src_last_pkt_time":1499347303701906,"flow_dst_last_pkt_time":1499347303701163,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347297732879,"flow_src_last_pkt_time":1499347303701906,"flow_dst_last_pkt_time":1499347303701163,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347424876286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347426122016,"flow_src_last_pkt_time":1499347426122016,"flow_dst_last_pkt_time":1499347426122016,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347426122016,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_src_last_pkt_time":1499347426122016,"flow_dst_last_pkt_time":1499347426122016,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347426122016,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vtlAAD4GBvesEAABwKgKMt7mAFDtahlHAAAAAKACchDQQgAAAgQFtAQCCAoBOqeeAAAAAAEDAwc="}
@@ -1481,7 +1481,7 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_src_last_pkt_time":1499347428671151,"flow_dst_last_pkt_time":1499347428671151,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347428671151,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vFFAAD4GCX+sEAABwKgKMt8CAFCqwBZKAAAAAKACchATUQAAAgQFtAQCCAoBOqobAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":2,"flow_src_last_pkt_time":1499347428671151,"flow_dst_last_pkt_time":1499347428671287,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347428671287,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3wITPWXXqsAWS6AScSAbpgAAAgQFtAQCCAoD5HuRATqqGwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3846,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":3,"flow_src_last_pkt_time":1499347428672036,"flow_dst_last_pkt_time":1499347428671287,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347428672036,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vFJAAD4GCYasEAABwKgKMt8CAFCqwBZLEz1l2IAQAOW6rQAAAQEICgE6qhsD5HuR"}
-02389{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3853,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347419786749,"flow_src_last_pkt_time":1499347429693747,"flow_dst_last_pkt_time":1499347428675378,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16415,"midstream":0,"thread_ts_usec":1499347429693747,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":126,"avg":606310.6,"max":3818967,"stddev":944243.6,"var":891595915264.0,"ent":3.7,"data": [126,889,3818133,3818967,2889,3638,1026811,1031184,4412,231903,235642,3751,1006981,1010745,3756,236240,239931,3646,1008869,1012823,4179,228551,232759,4019,1040911,1048342,7412,251595,255221,3632,1017670]},"pktlen": {"min":52,"avg":716.7,"max":1920,"stddev":755.5,"var":570797.2,"ent":4.2,"data": [60,60,52,637,52,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1918,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.638340950,5.039574623,4.854287148,6.026527405,4.931210518,7.777307510,4.983880997,5.879386902,7.740555286,4.906958103,6.039316654,7.777638435,4.983880997,5.853911400,7.740018845,4.930902481,6.019202709,7.769432068,4.983880997,5.861763954,7.746566296,4.906957626,6.037178040,7.786467552,4.906957626,5.895909309,7.742385864,4.983880997,6.017253876,7.766935825,4.945419312,5.907352448]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02543{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3853,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347419786749,"flow_src_last_pkt_time":1499347429693747,"flow_dst_last_pkt_time":1499347428675378,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16415,"midstream":0,"thread_ts_usec":1499347429693747,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":126,"avg":606310.6,"max":3818967,"stddev":944243.6,"var":891595915264.0,"ent":3.7,"data": [126,889,3818133,3818967,2889,3638,1026811,1031184,4412,231903,235642,3751,1006981,1010745,3756,236240,239931,3646,1008869,1012823,4179,228551,232759,4019,1040911,1048342,7412,251595,255221,3632,1017670]},"pktlen": {"min":52,"avg":716.7,"max":1920,"stddev":755.5,"var":570797.2,"ent":4.2,"data": [60,60,52,637,52,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1918,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.638340950,5.039574623,4.854287148,6.026527405,4.931210518,7.777307510,4.983880997,5.879386902,7.740555286,4.906958103,6.039316654,7.777638435,4.983880997,5.853911400,7.740018845,4.930902481,6.019202709,7.769432068,4.983880997,5.861763954,7.746566296,4.906957626,6.037178040,7.786467552,4.906957626,5.895909309,7.742385864,4.983880997,6.017253876,7.766935825,4.945419312,5.907352448]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3862,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347431192783,"flow_src_last_pkt_time":1499347431192783,"flow_dst_last_pkt_time":1499347431192783,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347431192783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3862,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_src_last_pkt_time":1499347431192783,"flow_dst_last_pkt_time":1499347431192783,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347431192783,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+sNAAD4GywysEAABwKgKMt8cAFA\/1VZRAAAAAKACchA7pAAAAgQFtAQCCAoBOqySAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3863,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":2,"flow_src_last_pkt_time":1499347431192783,"flow_dst_last_pkt_time":1499347431192884,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347431192884,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3xwMzQFkP9VWUqAScSCsZgAAAgQFtAQCCAoD5H4HATqskgEDAwc="}
@@ -1494,17 +1494,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3889,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_src_last_pkt_time":1499347433753548,"flow_dst_last_pkt_time":1499347433753548,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347433753548,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JW1AAD4GoGOsEAABwKgKMt84AFAetop\/AAAAAKACchAl+QAAAgQFtAQCCAoBOq8SAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3890,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":2,"flow_src_last_pkt_time":1499347433753548,"flow_dst_last_pkt_time":1499347433753688,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347433753688,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3zgqPCDhHraKgKAScSBXTwAAAgQFtAQCCAoD5ICHATqvEgEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":3,"flow_src_last_pkt_time":1499347433754294,"flow_dst_last_pkt_time":1499347433753688,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347433754294,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JW5AAD4GoGqsEAABwKgKMt84AFAetoqAKjwg4oAQAOX2VgAAAQEICgE6rxID5ICH"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347300263398,"flow_src_last_pkt_time":1499347305701754,"flow_dst_last_pkt_time":1499347305701193,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347300263398,"flow_src_last_pkt_time":1499347305701754,"flow_dst_last_pkt_time":1499347305701193,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347300263398,"flow_src_last_pkt_time":1499347305701754,"flow_dst_last_pkt_time":1499347305701193,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347301520809,"flow_src_last_pkt_time":1499347306702317,"flow_dst_last_pkt_time":1499347306701780,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347301520809,"flow_src_last_pkt_time":1499347306702317,"flow_dst_last_pkt_time":1499347306701780,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347301520809,"flow_src_last_pkt_time":1499347306702317,"flow_dst_last_pkt_time":1499347306701780,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347304125801,"flow_src_last_pkt_time":1499347309703173,"flow_dst_last_pkt_time":1499347309702387,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347304125801,"flow_src_last_pkt_time":1499347309703173,"flow_dst_last_pkt_time":1499347309702387,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347304125801,"flow_src_last_pkt_time":1499347309703173,"flow_dst_last_pkt_time":1499347309702387,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347305402466,"flow_src_last_pkt_time":1499347310703520,"flow_dst_last_pkt_time":1499347310702701,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347305402466,"flow_src_last_pkt_time":1499347310703520,"flow_dst_last_pkt_time":1499347310702701,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347305402466,"flow_src_last_pkt_time":1499347310703520,"flow_dst_last_pkt_time":1499347310702701,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347306680027,"flow_src_last_pkt_time":1499347311703138,"flow_dst_last_pkt_time":1499347311702363,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347306680027,"flow_src_last_pkt_time":1499347311703138,"flow_dst_last_pkt_time":1499347311702363,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347306680027,"flow_src_last_pkt_time":1499347311703138,"flow_dst_last_pkt_time":1499347311702363,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347309314104,"flow_src_last_pkt_time":1499347314704173,"flow_dst_last_pkt_time":1499347314703421,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347309314104,"flow_src_last_pkt_time":1499347314704173,"flow_dst_last_pkt_time":1499347314703421,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347309314104,"flow_src_last_pkt_time":1499347314704173,"flow_dst_last_pkt_time":1499347314703421,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347435021635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347436274077,"flow_src_last_pkt_time":1499347436274077,"flow_dst_last_pkt_time":1499347436274077,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347436274077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_src_last_pkt_time":1499347436274077,"flow_dst_last_pkt_time":1499347436274077,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347436274077,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W69AAD4GaiGsEAABwKgKMt9SAFA\/BeonAAAAAKACchCjcQAAAgQFtAQCCAoBOrGIAAAAAAEDAwc="}
@@ -1530,17 +1530,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_src_last_pkt_time":1499347445158780,"flow_dst_last_pkt_time":1499347445158780,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347445158780,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/otAAD4Gx0SsEAABwKgKMt+wAFCaOES+AAAAAKACchDknAAAAgQFtAQCCAoBOro1AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":2,"flow_src_last_pkt_time":1499347445158780,"flow_dst_last_pkt_time":1499347445158902,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347445158902,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ37CiJaNtmjhEv6AScSAQWQAAAgQFtAQCCAoD5IurATq6NQEDAwc="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3979,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":3,"flow_src_last_pkt_time":1499347445159670,"flow_dst_last_pkt_time":1499347445158902,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347445159670,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/oxAAD4Gx0usEAABwKgKMt+wAFCaOES\/oiWjboAQAOWvYAAAAQEICgE6ujUD5Iur"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347310567182,"flow_src_last_pkt_time":1499347315705016,"flow_dst_last_pkt_time":1499347315704272,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347310567182,"flow_src_last_pkt_time":1499347315705016,"flow_dst_last_pkt_time":1499347315704272,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347310567182,"flow_src_last_pkt_time":1499347315705016,"flow_dst_last_pkt_time":1499347315704272,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347313106006,"flow_src_last_pkt_time":1499347318705632,"flow_dst_last_pkt_time":1499347318704914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347313106006,"flow_src_last_pkt_time":1499347318705632,"flow_dst_last_pkt_time":1499347318704914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347313106006,"flow_src_last_pkt_time":1499347318705632,"flow_dst_last_pkt_time":1499347318704914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347314358143,"flow_src_last_pkt_time":1499347319705731,"flow_dst_last_pkt_time":1499347319704992,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347314358143,"flow_src_last_pkt_time":1499347319705731,"flow_dst_last_pkt_time":1499347319704992,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347314358143,"flow_src_last_pkt_time":1499347319705731,"flow_dst_last_pkt_time":1499347319704992,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347315631110,"flow_src_last_pkt_time":1499347320705699,"flow_dst_last_pkt_time":1499347320704931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347315631110,"flow_src_last_pkt_time":1499347320705699,"flow_dst_last_pkt_time":1499347320704931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347315631110,"flow_src_last_pkt_time":1499347320705699,"flow_dst_last_pkt_time":1499347320704931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347318180354,"flow_src_last_pkt_time":1499347323705629,"flow_dst_last_pkt_time":1499347323704901,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347318180354,"flow_src_last_pkt_time":1499347323705629,"flow_dst_last_pkt_time":1499347323704901,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347318180354,"flow_src_last_pkt_time":1499347323705629,"flow_dst_last_pkt_time":1499347323704901,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347319466164,"flow_src_last_pkt_time":1499347324705996,"flow_dst_last_pkt_time":1499347324705437,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347319466164,"flow_src_last_pkt_time":1499347324705996,"flow_dst_last_pkt_time":1499347324705437,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347319466164,"flow_src_last_pkt_time":1499347324705996,"flow_dst_last_pkt_time":1499347324705437,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347445734698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347446419862,"flow_src_last_pkt_time":1499347446419862,"flow_dst_last_pkt_time":1499347446419862,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347446419862,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_src_last_pkt_time":1499347446419862,"flow_dst_last_pkt_time":1499347446419862,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347446419862,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oGtAAD4GJWWsEAABwKgKMt++AFBFYxsbAAAAAKACchBhzAAAAgQFtAQCCAoBOrtwAAAAAAEDAwc="}
@@ -1566,17 +1566,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_src_last_pkt_time":1499347455224754,"flow_dst_last_pkt_time":1499347455224754,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347455224754,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8z+5AAD4G9eGsEAABwKgKMuAcAFC7QQvkAAAAAKACchDyLAAAAgQFtAQCCAoBOsQKAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":2,"flow_src_last_pkt_time":1499347455224754,"flow_dst_last_pkt_time":1499347455224871,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347455224871,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4BwGoR45u0EL5aAScSA0zgAAAgQFtAQCCAoD5JV\/ATrECgEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":3,"flow_src_last_pkt_time":1499347455225657,"flow_dst_last_pkt_time":1499347455224871,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347455225657,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z+9AAD4G9eisEAABwKgKMuAcAFC7QQvlBqEeOoAQAOXT1QAAAQEICgE6xAoD5JV\/"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347320712143,"flow_src_last_pkt_time":1499347326706391,"flow_dst_last_pkt_time":1499347326705650,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347320712143,"flow_src_last_pkt_time":1499347326706391,"flow_dst_last_pkt_time":1499347326705650,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347320712143,"flow_src_last_pkt_time":1499347326706391,"flow_dst_last_pkt_time":1499347326705650,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347323234546,"flow_src_last_pkt_time":1499347328706033,"flow_dst_last_pkt_time":1499347328705476,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347323234546,"flow_src_last_pkt_time":1499347328706033,"flow_dst_last_pkt_time":1499347328705476,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347323234546,"flow_src_last_pkt_time":1499347328706033,"flow_dst_last_pkt_time":1499347328705476,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347324538428,"flow_src_last_pkt_time":1499347329706355,"flow_dst_last_pkt_time":1499347329705638,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347324538428,"flow_src_last_pkt_time":1499347329706355,"flow_dst_last_pkt_time":1499347329705638,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347324538428,"flow_src_last_pkt_time":1499347329706355,"flow_dst_last_pkt_time":1499347329705638,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347325777068,"flow_src_last_pkt_time":1499347331707907,"flow_dst_last_pkt_time":1499347331707139,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347325777068,"flow_src_last_pkt_time":1499347331707907,"flow_dst_last_pkt_time":1499347331707139,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347325777068,"flow_src_last_pkt_time":1499347331707907,"flow_dst_last_pkt_time":1499347331707139,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347328298998,"flow_src_last_pkt_time":1499347333709262,"flow_dst_last_pkt_time":1499347333708547,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347328298998,"flow_src_last_pkt_time":1499347333709262,"flow_dst_last_pkt_time":1499347333708547,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347328298998,"flow_src_last_pkt_time":1499347333709262,"flow_dst_last_pkt_time":1499347333708547,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347329594634,"flow_src_last_pkt_time":1499347334709873,"flow_dst_last_pkt_time":1499347334709142,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347329594634,"flow_src_last_pkt_time":1499347334709873,"flow_dst_last_pkt_time":1499347334709142,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347329594634,"flow_src_last_pkt_time":1499347334709873,"flow_dst_last_pkt_time":1499347334709142,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347455736314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347456462850,"flow_src_last_pkt_time":1499347456462850,"flow_dst_last_pkt_time":1499347456462850,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347456462850,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_src_last_pkt_time":1499347456462850,"flow_dst_last_pkt_time":1499347456462850,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347456462850,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YWdAAD4GZGmsEAABwKgKMuAqAFCeBqRYAAAAAKACchB1sAAAAgQFtAQCCAoBOsU\/AAAAAAEDAwc="}
@@ -1602,17 +1602,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_src_last_pkt_time":1499347465304654,"flow_dst_last_pkt_time":1499347465304654,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347465304654,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nSBAAD4GKLCsEAABwKgKMuCIAFBo61DCAAAAAKACchD1YAAAAgQFtAQCCAoBOs3iAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_src_last_pkt_time":1499347465304654,"flow_dst_last_pkt_time":1499347465304749,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347465304749,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4Ijwu80MaOtQw6AScSCVOwAAAgQFtAQCCAoD5J9XATrN4gEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4147,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_src_last_pkt_time":1499347465305553,"flow_dst_last_pkt_time":1499347465304749,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347465305553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nSFAAD4GKLesEAABwKgKMuCIAFBo61DD8LvNDYAQAOU0QwAAAQEICgE6zeID5J9X"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347332137392,"flow_src_last_pkt_time":1499347337710296,"flow_dst_last_pkt_time":1499347337709556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347332137392,"flow_src_last_pkt_time":1499347337710296,"flow_dst_last_pkt_time":1499347337709556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347332137392,"flow_src_last_pkt_time":1499347337710296,"flow_dst_last_pkt_time":1499347337709556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347333419946,"flow_src_last_pkt_time":1499347338710350,"flow_dst_last_pkt_time":1499347338709582,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347333419946,"flow_src_last_pkt_time":1499347338710350,"flow_dst_last_pkt_time":1499347338709582,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347333419946,"flow_src_last_pkt_time":1499347338710350,"flow_dst_last_pkt_time":1499347338709582,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347334667316,"flow_src_last_pkt_time":1499347339710022,"flow_dst_last_pkt_time":1499347339709281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347334667316,"flow_src_last_pkt_time":1499347339710022,"flow_dst_last_pkt_time":1499347339709281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347334667316,"flow_src_last_pkt_time":1499347339710022,"flow_dst_last_pkt_time":1499347339709281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347337226449,"flow_src_last_pkt_time":1499347342710081,"flow_dst_last_pkt_time":1499347342709350,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347337226449,"flow_src_last_pkt_time":1499347342710081,"flow_dst_last_pkt_time":1499347342709350,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347337226449,"flow_src_last_pkt_time":1499347342710081,"flow_dst_last_pkt_time":1499347342709350,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347338485793,"flow_src_last_pkt_time":1499347343711818,"flow_dst_last_pkt_time":1499347343711278,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347338485793,"flow_src_last_pkt_time":1499347343711818,"flow_dst_last_pkt_time":1499347343711278,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347338485793,"flow_src_last_pkt_time":1499347343711818,"flow_dst_last_pkt_time":1499347343711278,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347339782537,"flow_src_last_pkt_time":1499347345712662,"flow_dst_last_pkt_time":1499347345711923,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347339782537,"flow_src_last_pkt_time":1499347345712662,"flow_dst_last_pkt_time":1499347345711923,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347339782537,"flow_src_last_pkt_time":1499347345712662,"flow_dst_last_pkt_time":1499347345711923,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347465739178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347466553593,"flow_src_last_pkt_time":1499347466553593,"flow_dst_last_pkt_time":1499347466553593,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347466553593,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_src_last_pkt_time":1499347466553593,"flow_dst_last_pkt_time":1499347466553593,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347466553593,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KvdAAD4GmtmsEAABwKgKMuCWAFD9ZuXtAAAAAKACchDKcwAAAgQFtAQCCAoBOs8aAAAAAAEDAwc="}
@@ -1642,17 +1642,17 @@
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_src_last_pkt_time":1499347475384590,"flow_dst_last_pkt_time":1499347475384590,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347475384590,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yGtAAD4G\/WSsEAABwKgKMuD2AFCdWh\/RAAAAAKACchDnnAAAAgQFtAQCCAoBOte6AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4236,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":2,"flow_src_last_pkt_time":1499347475384590,"flow_dst_last_pkt_time":1499347475384723,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347475384723,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4PYsYAVjnVof0qAScSAJpQAAAgQFtAQCCAoD5KkvATrXugEDAwc="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4237,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":3,"flow_src_last_pkt_time":1499347475385274,"flow_dst_last_pkt_time":1499347475384723,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347475385274,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yGxAAD4G\/WusEAABwKgKMuD2AFCdWh\/SLGAFZIAQAOWorAAAAQEICgE617oD5Kkv"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347341106252,"flow_src_last_pkt_time":1499347346712559,"flow_dst_last_pkt_time":1499347346712010,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347341106252,"flow_src_last_pkt_time":1499347346712559,"flow_dst_last_pkt_time":1499347346712010,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347341106252,"flow_src_last_pkt_time":1499347346712559,"flow_dst_last_pkt_time":1499347346712010,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347342386338,"flow_src_last_pkt_time":1499347347713644,"flow_dst_last_pkt_time":1499347347712869,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347342386338,"flow_src_last_pkt_time":1499347347713644,"flow_dst_last_pkt_time":1499347347712869,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347342386338,"flow_src_last_pkt_time":1499347347713644,"flow_dst_last_pkt_time":1499347347712869,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347343672802,"flow_src_last_pkt_time":1499347348713338,"flow_dst_last_pkt_time":1499347348712792,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347343672802,"flow_src_last_pkt_time":1499347348713338,"flow_dst_last_pkt_time":1499347348712792,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347343672802,"flow_src_last_pkt_time":1499347348713338,"flow_dst_last_pkt_time":1499347348712792,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347346211046,"flow_src_last_pkt_time":1499347351713466,"flow_dst_last_pkt_time":1499347351712874,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347346211046,"flow_src_last_pkt_time":1499347351713466,"flow_dst_last_pkt_time":1499347351712874,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347346211046,"flow_src_last_pkt_time":1499347351713466,"flow_dst_last_pkt_time":1499347351712874,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347347483570,"flow_src_last_pkt_time":1499347352714021,"flow_dst_last_pkt_time":1499347352713207,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347347483570,"flow_src_last_pkt_time":1499347352714021,"flow_dst_last_pkt_time":1499347352713207,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347347483570,"flow_src_last_pkt_time":1499347352714021,"flow_dst_last_pkt_time":1499347352713207,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347348776663,"flow_src_last_pkt_time":1499347354714888,"flow_dst_last_pkt_time":1499347354714326,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347348776663,"flow_src_last_pkt_time":1499347354714888,"flow_dst_last_pkt_time":1499347354714326,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347348776663,"flow_src_last_pkt_time":1499347354714888,"flow_dst_last_pkt_time":1499347354714326,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347475742620,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347476667031,"flow_src_last_pkt_time":1499347476667031,"flow_dst_last_pkt_time":1499347476667031,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347476667031,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_src_last_pkt_time":1499347476667031,"flow_dst_last_pkt_time":1499347476667031,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347476667031,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86aJAAD4G3C2sEAABwKgKMuEEAFDYCDFYAAAAAKACchCaGQAAAgQFtAQCCAoBOtj6AAAAAAEDAwc="}
@@ -1678,22 +1678,22 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_src_last_pkt_time":1499347485533871,"flow_dst_last_pkt_time":1499347485533871,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347485533871,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jaZAAD4GOCqsEAABwKgKMuFiAFALNGwFAAAAAKACchAjOgAAAgQFtAQCCAoBOuGjAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4321,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":2,"flow_src_last_pkt_time":1499347485533871,"flow_dst_last_pkt_time":1499347485533993,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347485533993,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4WJ5n4cfCzRsBqAScSBsXQAAAgQFtAQCCAoD5LMYATrhowEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4322,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":3,"flow_src_last_pkt_time":1499347485534757,"flow_dst_last_pkt_time":1499347485533993,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347485534757,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jadAAD4GODGsEAABwKgKMuFiAFALNGwGeZ+HIIAQAOULZQAAAQEICgE64aMD5LMY"}
-01137{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347291442976,"flow_src_last_pkt_time":1499347358996542,"flow_dst_last_pkt_time":1499347358996619,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183689,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347351299570,"flow_src_last_pkt_time":1499347356715196,"flow_dst_last_pkt_time":1499347356714448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01291{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347291442976,"flow_src_last_pkt_time":1499347358996542,"flow_dst_last_pkt_time":1499347358996619,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183689,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347351299570,"flow_src_last_pkt_time":1499347356715196,"flow_dst_last_pkt_time":1499347356714448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347351299570,"flow_src_last_pkt_time":1499347356715196,"flow_dst_last_pkt_time":1499347356714448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347352698990,"flow_src_last_pkt_time":1499347357715233,"flow_dst_last_pkt_time":1499347357714711,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347352698990,"flow_src_last_pkt_time":1499347357715233,"flow_dst_last_pkt_time":1499347357714711,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347352698990,"flow_src_last_pkt_time":1499347357715233,"flow_dst_last_pkt_time":1499347357714711,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347356478261,"flow_src_last_pkt_time":1499347361716828,"flow_dst_last_pkt_time":1499347361716092,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347356478261,"flow_src_last_pkt_time":1499347361716828,"flow_dst_last_pkt_time":1499347361716092,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347356478261,"flow_src_last_pkt_time":1499347361716828,"flow_dst_last_pkt_time":1499347361716092,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347357727928,"flow_src_last_pkt_time":1499347363716833,"flow_dst_last_pkt_time":1499347363716085,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347357727928,"flow_src_last_pkt_time":1499347363716833,"flow_dst_last_pkt_time":1499347363716085,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347357727928,"flow_src_last_pkt_time":1499347363716833,"flow_dst_last_pkt_time":1499347363716085,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347360285446,"flow_src_last_pkt_time":1499347365717432,"flow_dst_last_pkt_time":1499347365716661,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347360285446,"flow_src_last_pkt_time":1499347365717432,"flow_dst_last_pkt_time":1499347365716661,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347360285446,"flow_src_last_pkt_time":1499347365717432,"flow_dst_last_pkt_time":1499347365716661,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347485746567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347486787088,"flow_src_last_pkt_time":1499347486787088,"flow_dst_last_pkt_time":1499347486787088,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347486787088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_src_last_pkt_time":1499347486787088,"flow_dst_last_pkt_time":1499347486787088,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347486787088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D7tAAD4GthWsEAABwKgKMuFwAFB2mu1nAAAAAKACchA1KgAAAgQFtAQCCAoBOuLcAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4336,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":2,"flow_src_last_pkt_time":1499347486787088,"flow_dst_last_pkt_time":1499347486787204,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347486787204,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4XA0h5CedprtaKAScSC4rAAAAgQFtAQCCAoD5LRSATri3AEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":3,"flow_src_last_pkt_time":1499347486787944,"flow_dst_last_pkt_time":1499347486787204,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347486787944,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D7xAAD4GthysEAABwKgKMuFwAFB2mu1oNIeQn4AQAOVXtAAAAQEICgE64twD5LRS"}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4344,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347484263170,"flow_src_last_pkt_time":1499347487799367,"flow_dst_last_pkt_time":1499347484263296,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347487799367,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4344,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347484263170,"flow_src_last_pkt_time":1499347487799367,"flow_dst_last_pkt_time":1499347484263296,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347487799367,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347489408846,"flow_src_last_pkt_time":1499347489408846,"flow_dst_last_pkt_time":1499347489408846,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347489408846,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_src_last_pkt_time":1499347489408846,"flow_dst_last_pkt_time":1499347489408846,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347489408846,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86N5AAD4G3PGsEAABwKgKMuGKAFByXg2yAAAAAKACchAWcgAAAgQFtAQCCAoBOuVsAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4355,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":2,"flow_src_last_pkt_time":1499347489408846,"flow_dst_last_pkt_time":1499347489408942,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347489408942,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4YpoWWpFcl4Ns6AScSCJ7AAAAgQFtAQCCAoD5LbhATrlbAEDAwc="}
@@ -1706,7 +1706,7 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4384,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_src_last_pkt_time":1499347493167254,"flow_dst_last_pkt_time":1499347493167254,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347493167254,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VdJAAD4Gb\/6sEAABwKgKMuGyAFCUXbzFAAAAAKACchBBjAAAAgQFtAQCCAoBOukXAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":2,"flow_src_last_pkt_time":1499347493167254,"flow_dst_last_pkt_time":1499347493167378,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347493167378,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4bJdzKzTlF28xqAScSB5WQAAAgQFtAQCCAoD5LqNATrpFwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4386,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":3,"flow_src_last_pkt_time":1499347493168132,"flow_dst_last_pkt_time":1499347493167378,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347493168132,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VdNAAD4GcAWsEAABwKgKMuGyAFCUXbzGXcys1IAQAOUYYAAAAQEICgE66RgD5LqN"}
-02292{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":4387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347484263170,"flow_src_last_pkt_time":1499347493168704,"flow_dst_last_pkt_time":1499347492935868,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16319,"midstream":0,"thread_ts_usec":1499347493168704,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":126,"avg":567039.8,"max":3536204,"stddev":877375.9,"var":769788411904.0,"ent":3.7,"data": [126,910,3535287,3536204,3041,3865,353475,357566,4142,1009473,1013529,4051,235924,239646,3697,1007485,1011210,3722,236124,239766,3661,1007627,1011378,3776,240922,244715,3743,1011730,1015517,3791,232129]},"pktlen": {"min":52,"avg":713.7,"max":1920,"stddev":750.9,"var":563862.5,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.550921917,5.006241322,4.808815002,5.875412941,4.774691582,7.740199566,4.646709919,6.001397610,7.775830746,4.755031586,5.850878716,7.738961697,4.793493271,5.989969254,7.789359570,4.870416641,5.872076035,7.741474628,4.817437649,5.998672962,7.788164616,4.831954956,5.868983269,7.740512848,4.831954956,6.002839088,7.786237717,4.831954956,5.862294197,7.736440182,4.793493271,5.982177258]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02446{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":4387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347484263170,"flow_src_last_pkt_time":1499347493168704,"flow_dst_last_pkt_time":1499347492935868,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16319,"midstream":0,"thread_ts_usec":1499347493168704,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":126,"avg":567039.8,"max":3536204,"stddev":877375.9,"var":769788411904.0,"ent":3.7,"data": [126,910,3535287,3536204,3041,3865,353475,357566,4142,1009473,1013529,4051,235924,239646,3697,1007485,1011210,3722,236124,239766,3661,1007627,1011378,3776,240922,244715,3743,1011730,1015517,3791,232129]},"pktlen": {"min":52,"avg":713.7,"max":1920,"stddev":750.9,"var":563862.5,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.550921917,5.006241322,4.808815002,5.875412941,4.774691582,7.740199566,4.646709919,6.001397610,7.775830746,4.755031586,5.850878716,7.738961697,4.793493271,5.989969254,7.789359570,4.870416641,5.872076035,7.741474628,4.817437649,5.998672962,7.788164616,4.831954956,5.868983269,7.740512848,4.831954956,6.002839088,7.786237717,4.831954956,5.862294197,7.736440182,4.793493271,5.982177258]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4393,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347494446547,"flow_src_last_pkt_time":1499347494446547,"flow_dst_last_pkt_time":1499347494446547,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347494446547,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4393,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_src_last_pkt_time":1499347494446547,"flow_dst_last_pkt_time":1499347494446547,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347494446547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8G1FAAD4Gqn+sEAABwKgKMuHAAFAmKfEGAAAAAKACchB6MQAAAgQFtAQCCAoBOupXAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4394,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":2,"flow_src_last_pkt_time":1499347494446547,"flow_dst_last_pkt_time":1499347494446686,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347494446686,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4cATAV39JinxB6AScSBKYAAAAgQFtAQCCAoD5LvNATrqVwEDAwc="}
@@ -1715,17 +1715,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4405,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_src_last_pkt_time":1499347495714214,"flow_dst_last_pkt_time":1499347495714214,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347495714214,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ai5AAD4GW6KsEAABwKgKMuHOAFCuqYG6AAAAAKACchBfsgAAAgQFtAQCCAoBOuuUAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4406,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":2,"flow_src_last_pkt_time":1499347495714214,"flow_dst_last_pkt_time":1499347495714323,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347495714323,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4c4n\/DE+rqmBu6AScSBGaAAAAgQFtAQCCAoD5L0KATrrlAEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4407,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":3,"flow_src_last_pkt_time":1499347495715123,"flow_dst_last_pkt_time":1499347495714323,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347495715123,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ai9AAD4GW6msEAABwKgKMuHOAFCuqYG7J\/wxP4AQAOXlbwAAAQEICgE665QD5L0K"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347361540867,"flow_src_last_pkt_time":1499347366717273,"flow_dst_last_pkt_time":1499347366716537,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347361540867,"flow_src_last_pkt_time":1499347366717273,"flow_dst_last_pkt_time":1499347366716537,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347361540867,"flow_src_last_pkt_time":1499347366717273,"flow_dst_last_pkt_time":1499347366716537,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347364056755,"flow_src_last_pkt_time":1499347369718009,"flow_dst_last_pkt_time":1499347369717446,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347364056755,"flow_src_last_pkt_time":1499347369718009,"flow_dst_last_pkt_time":1499347369717446,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347364056755,"flow_src_last_pkt_time":1499347369718009,"flow_dst_last_pkt_time":1499347369717446,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347365320773,"flow_src_last_pkt_time":1499347370718346,"flow_dst_last_pkt_time":1499347370717660,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347365320773,"flow_src_last_pkt_time":1499347370718346,"flow_dst_last_pkt_time":1499347370717660,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347365320773,"flow_src_last_pkt_time":1499347370718346,"flow_dst_last_pkt_time":1499347370717660,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347366586774,"flow_src_last_pkt_time":1499347371718130,"flow_dst_last_pkt_time":1499347371717547,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347366586774,"flow_src_last_pkt_time":1499347371718130,"flow_dst_last_pkt_time":1499347371717547,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347366586774,"flow_src_last_pkt_time":1499347371718130,"flow_dst_last_pkt_time":1499347371717547,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347369077761,"flow_src_last_pkt_time":1499347374718827,"flow_dst_last_pkt_time":1499347374718268,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347369077761,"flow_src_last_pkt_time":1499347374718827,"flow_dst_last_pkt_time":1499347374718268,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347369077761,"flow_src_last_pkt_time":1499347374718827,"flow_dst_last_pkt_time":1499347374718268,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347370339639,"flow_src_last_pkt_time":1499347375719424,"flow_dst_last_pkt_time":1499347375718842,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347370339639,"flow_src_last_pkt_time":1499347375719424,"flow_dst_last_pkt_time":1499347375718842,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347370339639,"flow_src_last_pkt_time":1499347375719424,"flow_dst_last_pkt_time":1499347375718842,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347495749659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347498249443,"flow_src_last_pkt_time":1499347498249443,"flow_dst_last_pkt_time":1499347498249443,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347498249443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_src_last_pkt_time":1499347498249443,"flow_dst_last_pkt_time":1499347498249443,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347498249443,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LPFAAD4GmN+sEAABwKgKMuHoAFBfF8L\/AAAAAKACchBrawAAAgQFtAQCCAoBOu4OAAAAAAEDAwc="}
@@ -1751,17 +1751,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_src_last_pkt_time":1499347505774649,"flow_dst_last_pkt_time":1499347505774649,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347505774649,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8e\/VAAD4GSdusEAABwKgKMuI6AFCzho6SAAAAAKACchBDvgAAAgQFtAQCCAoBOvVnAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4490,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":2,"flow_src_last_pkt_time":1499347505774649,"flow_dst_last_pkt_time":1499347505774819,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347505774819,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4joOXGebs4aOk6AScSAD5AAAAgQFtAQCCAoD5MbdATr1ZwEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":3,"flow_src_last_pkt_time":1499347505775533,"flow_dst_last_pkt_time":1499347505774819,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347505775533,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/ZAAD4GSeKsEAABwKgKMuI6AFCzho6TDlxnnIAQAOWi6wAAAQEICgE69WcD5Mbd"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347371602634,"flow_src_last_pkt_time":1499347376719525,"flow_dst_last_pkt_time":1499347376718878,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347371602634,"flow_src_last_pkt_time":1499347376719525,"flow_dst_last_pkt_time":1499347376718878,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347371602634,"flow_src_last_pkt_time":1499347376719525,"flow_dst_last_pkt_time":1499347376718878,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347374136369,"flow_src_last_pkt_time":1499347379720186,"flow_dst_last_pkt_time":1499347379719381,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347374136369,"flow_src_last_pkt_time":1499347379720186,"flow_dst_last_pkt_time":1499347379719381,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347374136369,"flow_src_last_pkt_time":1499347379720186,"flow_dst_last_pkt_time":1499347379719381,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347375388370,"flow_src_last_pkt_time":1499347380720368,"flow_dst_last_pkt_time":1499347380719830,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347375388370,"flow_src_last_pkt_time":1499347380720368,"flow_dst_last_pkt_time":1499347380719830,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347375388370,"flow_src_last_pkt_time":1499347380720368,"flow_dst_last_pkt_time":1499347380719830,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347376638976,"flow_src_last_pkt_time":1499347381720785,"flow_dst_last_pkt_time":1499347381720090,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347376638976,"flow_src_last_pkt_time":1499347381720785,"flow_dst_last_pkt_time":1499347381720090,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347376638976,"flow_src_last_pkt_time":1499347381720785,"flow_dst_last_pkt_time":1499347381720090,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347379171623,"flow_src_last_pkt_time":1499347384721977,"flow_dst_last_pkt_time":1499347384721237,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347379171623,"flow_src_last_pkt_time":1499347384721977,"flow_dst_last_pkt_time":1499347384721237,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347379171623,"flow_src_last_pkt_time":1499347384721977,"flow_dst_last_pkt_time":1499347384721237,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347380424143,"flow_src_last_pkt_time":1499347385722346,"flow_dst_last_pkt_time":1499347385721798,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347380424143,"flow_src_last_pkt_time":1499347385722346,"flow_dst_last_pkt_time":1499347385721798,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347380424143,"flow_src_last_pkt_time":1499347385722346,"flow_dst_last_pkt_time":1499347385721798,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347505780770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347508344616,"flow_src_last_pkt_time":1499347508344616,"flow_dst_last_pkt_time":1499347508344616,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347508344616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_src_last_pkt_time":1499347508344616,"flow_dst_last_pkt_time":1499347508344616,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347508344616,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QeJAAD4Gg+6sEAABwKgKMuJUAFDv7LYIAAAAAKACchDdRAAAAgQFtAQCCAoBOvfqAAAAAAEDAwc="}
@@ -1783,17 +1783,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_src_last_pkt_time":1499347514648083,"flow_dst_last_pkt_time":1499347514648083,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347514648083,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81oFAAD4G706sEAABwKgKMuKYAFBs5yiTAAAAAKACchDnUwAAAgQFtAQCCAoBOv4SAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4562,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":2,"flow_src_last_pkt_time":1499347514648083,"flow_dst_last_pkt_time":1499347514648183,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347514648183,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4pgH3WT1bOcolKAScSCn9AAAAgQFtAQCCAoD5M+HATr+EgEDAwc="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":3,"flow_src_last_pkt_time":1499347514648952,"flow_dst_last_pkt_time":1499347514648183,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347514648952,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01oJAAD4G71WsEAABwKgKMuKYAFBs5yiUB91k9oAQAOVG\/AAAAQEICgE6\/hID5M+H"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347381694081,"flow_src_last_pkt_time":1499347386722710,"flow_dst_last_pkt_time":1499347386721951,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347381694081,"flow_src_last_pkt_time":1499347386722710,"flow_dst_last_pkt_time":1499347386721951,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347381694081,"flow_src_last_pkt_time":1499347386722710,"flow_dst_last_pkt_time":1499347386721951,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347384186315,"flow_src_last_pkt_time":1499347389723103,"flow_dst_last_pkt_time":1499347389722388,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347384186315,"flow_src_last_pkt_time":1499347389723103,"flow_dst_last_pkt_time":1499347389722388,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347384186315,"flow_src_last_pkt_time":1499347389723103,"flow_dst_last_pkt_time":1499347389722388,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347385481030,"flow_src_last_pkt_time":1499347390723245,"flow_dst_last_pkt_time":1499347390722713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347385481030,"flow_src_last_pkt_time":1499347390723245,"flow_dst_last_pkt_time":1499347390722713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347385481030,"flow_src_last_pkt_time":1499347390723245,"flow_dst_last_pkt_time":1499347390722713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347386736484,"flow_src_last_pkt_time":1499347392723196,"flow_dst_last_pkt_time":1499347392722578,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347386736484,"flow_src_last_pkt_time":1499347392723196,"flow_dst_last_pkt_time":1499347392722578,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347386736484,"flow_src_last_pkt_time":1499347392723196,"flow_dst_last_pkt_time":1499347392722578,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347389305327,"flow_src_last_pkt_time":1499347394723279,"flow_dst_last_pkt_time":1499347394722717,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347389305327,"flow_src_last_pkt_time":1499347394723279,"flow_dst_last_pkt_time":1499347394722717,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347389305327,"flow_src_last_pkt_time":1499347394723279,"flow_dst_last_pkt_time":1499347394722717,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347390580539,"flow_src_last_pkt_time":1499347395724239,"flow_dst_last_pkt_time":1499347395723466,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347390580539,"flow_src_last_pkt_time":1499347395724239,"flow_dst_last_pkt_time":1499347395723466,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347390580539,"flow_src_last_pkt_time":1499347395724239,"flow_dst_last_pkt_time":1499347395723466,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347515907175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347517171667,"flow_src_last_pkt_time":1499347517171667,"flow_dst_last_pkt_time":1499347517171667,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347517171667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_src_last_pkt_time":1499347517171667,"flow_dst_last_pkt_time":1499347517171667,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347517171667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PfRAAD4Gh9ysEAABwKgKMuKyAFAJ1z18AAAAAKACchAy6wAAAgQFtAQCCAoBOwCIAAAAAAEDAwc="}
@@ -1823,15 +1823,15 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4657,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_src_last_pkt_time":1499347526155708,"flow_dst_last_pkt_time":1499347526155708,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347526155708,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vM5AAD4GCQKsEAABwKgKMuMSAFBd27WBAAAAAKACchBdugAAAgQFtAQCCAoBOwlPAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4658,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":2,"flow_src_last_pkt_time":1499347526155708,"flow_dst_last_pkt_time":1499347526155864,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347526155864,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4xLVlk4tXdu1gqAScSBcLAAAAgQFtAQCCAoD5NrEATsJTwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":3,"flow_src_last_pkt_time":1499347526156511,"flow_dst_last_pkt_time":1499347526155864,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347526156511,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vM9AAD4GCQmsEAABwKgKMuMSAFBd27WC1ZZOLoAQAOX7MwAAAQEICgE7CU8D5NrE"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347393135857,"flow_src_last_pkt_time":1499347398725008,"flow_dst_last_pkt_time":1499347398724266,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347393135857,"flow_src_last_pkt_time":1499347398725008,"flow_dst_last_pkt_time":1499347398724266,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347393135857,"flow_src_last_pkt_time":1499347398725008,"flow_dst_last_pkt_time":1499347398724266,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347394398432,"flow_src_last_pkt_time":1499347399725104,"flow_dst_last_pkt_time":1499347399724332,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347394398432,"flow_src_last_pkt_time":1499347399725104,"flow_dst_last_pkt_time":1499347399724332,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347394398432,"flow_src_last_pkt_time":1499347399725104,"flow_dst_last_pkt_time":1499347399724332,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347395736207,"flow_src_last_pkt_time":1499347401725942,"flow_dst_last_pkt_time":1499347401725206,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347395736207,"flow_src_last_pkt_time":1499347401725942,"flow_dst_last_pkt_time":1499347401725206,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347395736207,"flow_src_last_pkt_time":1499347401725942,"flow_dst_last_pkt_time":1499347401725206,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347398258131,"flow_src_last_pkt_time":1499347403725690,"flow_dst_last_pkt_time":1499347403725109,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347398258131,"flow_src_last_pkt_time":1499347403725690,"flow_dst_last_pkt_time":1499347403725109,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347398258131,"flow_src_last_pkt_time":1499347403725690,"flow_dst_last_pkt_time":1499347403725109,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347399514448,"flow_src_last_pkt_time":1499347404726147,"flow_dst_last_pkt_time":1499347404725588,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347399514448,"flow_src_last_pkt_time":1499347404726147,"flow_dst_last_pkt_time":1499347404725588,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347399514448,"flow_src_last_pkt_time":1499347404726147,"flow_dst_last_pkt_time":1499347404725588,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347526161239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347527425398,"flow_src_last_pkt_time":1499347527425398,"flow_dst_last_pkt_time":1499347527425398,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347527425398,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_src_last_pkt_time":1499347527425398,"flow_dst_last_pkt_time":1499347527425398,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347527425398,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84vtAAD4G4tSsEAABwKgKMuMgAFAAyeh3AAAAAKACchCGiwAAAgQFtAQCCAoBOwqMAAAAAAEDAwc="}
@@ -1858,17 +1858,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332683,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347536332683,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGJAAD4GPW6sEAABwKgKMuN+AFBSPZtdAAAAAKACchB5IAAAAgQFtAQCCAoBOxM\/AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4744,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332809,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347536332809,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ434l0Xf0Uj2bXqAScSDzoAAAAgQFtAQCCAoD5OS0ATsTPwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4745,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":3,"flow_src_last_pkt_time":1499347536333573,"flow_dst_last_pkt_time":1499347536332809,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347536333573,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGNAAD4GPXWsEAABwKgKMuN+AFBSPZteJdF39YAQAOWSqAAAAQEICgE7Ez8D5OS0"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347400752840,"flow_src_last_pkt_time":1499347406726581,"flow_dst_last_pkt_time":1499347406725808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347400752840,"flow_src_last_pkt_time":1499347406726581,"flow_dst_last_pkt_time":1499347406725808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347400752840,"flow_src_last_pkt_time":1499347406726581,"flow_dst_last_pkt_time":1499347406725808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347403327144,"flow_src_last_pkt_time":1499347408726683,"flow_dst_last_pkt_time":1499347408726120,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347403327144,"flow_src_last_pkt_time":1499347408726683,"flow_dst_last_pkt_time":1499347408726120,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347403327144,"flow_src_last_pkt_time":1499347408726683,"flow_dst_last_pkt_time":1499347408726120,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347404575323,"flow_src_last_pkt_time":1499347409726929,"flow_dst_last_pkt_time":1499347409726197,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347404575323,"flow_src_last_pkt_time":1499347409726929,"flow_dst_last_pkt_time":1499347409726197,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347404575323,"flow_src_last_pkt_time":1499347409726929,"flow_dst_last_pkt_time":1499347409726197,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347407100505,"flow_src_last_pkt_time":1499347412728302,"flow_dst_last_pkt_time":1499347412727533,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347407100505,"flow_src_last_pkt_time":1499347412728302,"flow_dst_last_pkt_time":1499347412727533,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347407100505,"flow_src_last_pkt_time":1499347412728302,"flow_dst_last_pkt_time":1499347412727533,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347408367739,"flow_src_last_pkt_time":1499347413728643,"flow_dst_last_pkt_time":1499347413727926,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347408367739,"flow_src_last_pkt_time":1499347413728643,"flow_dst_last_pkt_time":1499347413727926,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347408367739,"flow_src_last_pkt_time":1499347413728643,"flow_dst_last_pkt_time":1499347413727926,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347409644274,"flow_src_last_pkt_time":1499347414728569,"flow_dst_last_pkt_time":1499347414727869,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347409644274,"flow_src_last_pkt_time":1499347414728569,"flow_dst_last_pkt_time":1499347414727869,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347409644274,"flow_src_last_pkt_time":1499347414728569,"flow_dst_last_pkt_time":1499347414727869,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536759993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347537591583,"flow_src_last_pkt_time":1499347537591583,"flow_dst_last_pkt_time":1499347537591583,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347537591583,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_src_last_pkt_time":1499347537591583,"flow_dst_last_pkt_time":1499347537591583,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347537591583,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UmRAAD4Gc2ysEAABwKgKMuOMAFC1fUYeAAAAAKACchBp1gAAAgQFtAQCCAoBOxR6AAAAAAEDAwc="}
@@ -1894,19 +1894,19 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4827,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_src_last_pkt_time":1499347546427962,"flow_dst_last_pkt_time":1499347546427962,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347546427962,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Q6tAAD4GgiWsEAABwKgKMuPqAFBqhV6wAAAAAKACchCTPQAAAgQFtAQCCAoBOx0bAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4828,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":2,"flow_src_last_pkt_time":1499347546427962,"flow_dst_last_pkt_time":1499347546428110,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347546428110,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4+qNxgXIaoVesaAScSAOGQAAAgQFtAQCCAoD5O6QATsdGwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4829,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":3,"flow_src_last_pkt_time":1499347546428846,"flow_dst_last_pkt_time":1499347546428110,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347546428846,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q6xAAD4GgiysEAABwKgKMuPqAFBqhV6xjcYFyYAQAOWtIAAAAQEICgE7HRsD5O6Q"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347412160466,"flow_src_last_pkt_time":1499347417729226,"flow_dst_last_pkt_time":1499347417728489,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347412160466,"flow_src_last_pkt_time":1499347417729226,"flow_dst_last_pkt_time":1499347417728489,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347412160466,"flow_src_last_pkt_time":1499347417729226,"flow_dst_last_pkt_time":1499347417728489,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347413405117,"flow_src_last_pkt_time":1499347418729836,"flow_dst_last_pkt_time":1499347418729093,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347413405117,"flow_src_last_pkt_time":1499347418729836,"flow_dst_last_pkt_time":1499347418729093,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347413405117,"flow_src_last_pkt_time":1499347418729836,"flow_dst_last_pkt_time":1499347418729093,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347414709999,"flow_src_last_pkt_time":1499347419729994,"flow_dst_last_pkt_time":1499347419729270,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347414709999,"flow_src_last_pkt_time":1499347419729994,"flow_dst_last_pkt_time":1499347419729270,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347414709999,"flow_src_last_pkt_time":1499347419729994,"flow_dst_last_pkt_time":1499347419729270,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347417243856,"flow_src_last_pkt_time":1499347422731069,"flow_dst_last_pkt_time":1499347422730328,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347417243856,"flow_src_last_pkt_time":1499347422731069,"flow_dst_last_pkt_time":1499347422730328,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347417243856,"flow_src_last_pkt_time":1499347422731069,"flow_dst_last_pkt_time":1499347422730328,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347418519306,"flow_src_last_pkt_time":1499347423606384,"flow_dst_last_pkt_time":1499347423605908,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347418519306,"flow_src_last_pkt_time":1499347423606384,"flow_dst_last_pkt_time":1499347423605908,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347418519306,"flow_src_last_pkt_time":1499347423606384,"flow_dst_last_pkt_time":1499347423605908,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347421069175,"flow_src_last_pkt_time":1499347426732103,"flow_dst_last_pkt_time":1499347426731330,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347421069175,"flow_src_last_pkt_time":1499347426732103,"flow_dst_last_pkt_time":1499347426731330,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347421069175,"flow_src_last_pkt_time":1499347426732103,"flow_dst_last_pkt_time":1499347426731330,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-01041{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":115,"flow_first_seen":1499347355229572,"flow_src_last_pkt_time":1499347423381119,"flow_dst_last_pkt_time":1499347423381183,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183606,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01195{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":115,"flow_first_seen":1499347355229572,"flow_src_last_pkt_time":1499347423381119,"flow_dst_last_pkt_time":1499347423381183,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183606,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347547687536,"flow_src_last_pkt_time":1499347547687536,"flow_dst_last_pkt_time":1499347547687536,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347547687536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_src_last_pkt_time":1499347547687536,"flow_dst_last_pkt_time":1499347547687536,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347547687536,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89IlAAD4G0UasEAABwKgKMuP4AFDYf+rfAAAAAKACchCXygAAAgQFtAQCCAoBOx5WAAAAAAEDAwc="}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4840,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":2,"flow_src_last_pkt_time":1499347547687536,"flow_dst_last_pkt_time":1499347547687660,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347547687660,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4\/gRtWE22H\/q4KAScSAyDgAAAgQFtAQCCAoD5O\/LATseVgEDAwc="}
@@ -1919,7 +1919,7 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_src_last_pkt_time":1499347551495961,"flow_dst_last_pkt_time":1499347551495961,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347551495961,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D\/NAAD4Gtd2sEAABwKgKMuQgAFDTqC39AAAAAKACchBVpAAAAgQFtAQCCAoBOyIOAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":2,"flow_src_last_pkt_time":1499347551495961,"flow_dst_last_pkt_time":1499347551496061,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347551496061,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5CCgVV5k06gt\/qAScSBgYQAAAgQFtAQCCAoD5PODATsiDgEDAwc="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":3,"flow_src_last_pkt_time":1499347551496846,"flow_dst_last_pkt_time":1499347551496061,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347551496846,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D\/RAAD4GteSsEAABwKgKMuQgAFDTqC3+oFVeZYAQAOX\/aAAAAQEICgE7Ig4D5POD"}
-01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347547687536,"flow_src_last_pkt_time":1499347551497128,"flow_dst_last_pkt_time":1499347547687660,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347551497128,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347547687536,"flow_src_last_pkt_time":1499347551497128,"flow_dst_last_pkt_time":1499347547687660,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347551497128,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347552736899,"flow_src_last_pkt_time":1499347552736899,"flow_dst_last_pkt_time":1499347552736899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347552736899,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_src_last_pkt_time":1499347552736899,"flow_dst_last_pkt_time":1499347552736899,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347552736899,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8B91AAD4GvfOsEAABwKgKMuQuAFCEqySZAAAAAKACchCswQAAAgQFtAQCCAoBOyNEAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":2,"flow_src_last_pkt_time":1499347552736899,"flow_dst_last_pkt_time":1499347552736998,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347552736998,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5C6xPoYyhKskmqAScSB9kQAAAgQFtAQCCAoD5PS5ATsjRAEDAwc="}
@@ -1932,19 +1932,19 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_src_last_pkt_time":1499347556523558,"flow_dst_last_pkt_time":1499347556523558,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347556523558,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89uZAAD4GzumsEAABwKgKMuRWAFDF1NARAAAAAKACchC8RAAAAgQFtAQCCAoBOyb3AAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4913,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":2,"flow_src_last_pkt_time":1499347556523558,"flow_dst_last_pkt_time":1499347556523684,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347556523684,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5FYT\/QypxdTQEqAScSCgLAAAAgQFtAQCCAoD5PhsATsm9wEDAwc="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":3,"flow_src_last_pkt_time":1499347556524253,"flow_dst_last_pkt_time":1499347556523684,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347556524253,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09udAAD4GzvCsEAABwKgKMuRWAFDF1NASE\/0MqoAQAOU\/NAAAAQEICgE7JvcD5Phs"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347422332404,"flow_src_last_pkt_time":1499347427732458,"flow_dst_last_pkt_time":1499347427731683,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347422332404,"flow_src_last_pkt_time":1499347427732458,"flow_dst_last_pkt_time":1499347427731683,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347422332404,"flow_src_last_pkt_time":1499347427732458,"flow_dst_last_pkt_time":1499347427731683,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347423604346,"flow_src_last_pkt_time":1499347428732861,"flow_dst_last_pkt_time":1499347428732080,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347423604346,"flow_src_last_pkt_time":1499347428732861,"flow_dst_last_pkt_time":1499347428732080,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347423604346,"flow_src_last_pkt_time":1499347428732861,"flow_dst_last_pkt_time":1499347428732080,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347426122016,"flow_src_last_pkt_time":1499347431733009,"flow_dst_last_pkt_time":1499347431732237,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347426122016,"flow_src_last_pkt_time":1499347431733009,"flow_dst_last_pkt_time":1499347431732237,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347426122016,"flow_src_last_pkt_time":1499347431733009,"flow_dst_last_pkt_time":1499347431732237,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347427366797,"flow_src_last_pkt_time":1499347432733311,"flow_dst_last_pkt_time":1499347432732535,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347427366797,"flow_src_last_pkt_time":1499347432733311,"flow_dst_last_pkt_time":1499347432732535,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347427366797,"flow_src_last_pkt_time":1499347432733311,"flow_dst_last_pkt_time":1499347432732535,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347428671151,"flow_src_last_pkt_time":1499347433734524,"flow_dst_last_pkt_time":1499347433733752,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347428671151,"flow_src_last_pkt_time":1499347433734524,"flow_dst_last_pkt_time":1499347433733752,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347428671151,"flow_src_last_pkt_time":1499347433734524,"flow_dst_last_pkt_time":1499347433733752,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347431192783,"flow_src_last_pkt_time":1499347436733809,"flow_dst_last_pkt_time":1499347436733067,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347431192783,"flow_src_last_pkt_time":1499347436733809,"flow_dst_last_pkt_time":1499347436733067,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347431192783,"flow_src_last_pkt_time":1499347436733809,"flow_dst_last_pkt_time":1499347436733067,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347556766549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-02389{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347547687536,"flow_src_last_pkt_time":1499347557536513,"flow_dst_last_pkt_time":1499347556527820,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16419,"midstream":0,"thread_ts_usec":1499347557536513,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":124,"avg":602879.4,"max":3809547,"stddev":940726.8,"var":884966883328.0,"ent":3.7,"data": [124,686,3808906,3809547,3416,4144,1007073,1011285,4302,225901,229521,3769,1021770,1025776,4116,233969,238478,4482,1006263,1010669,4325,238452,243200,4543,1006668,1011166,4498,253524,257102,3581,1008005]},"pktlen": {"min":52,"avg":716.8,"max":1921,"stddev":755.7,"var":571097.9,"ent":4.2,"data": [60,60,52,637,52,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1921,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.638340950,5.106241703,4.969671726,6.036019325,4.969671726,7.763245583,5.022342682,5.918416023,7.743572712,4.906957626,6.001263142,7.780893326,4.906957626,5.904815674,7.746741772,4.983880997,6.035089493,7.783490658,4.983880997,5.917668343,7.744116783,4.945419312,6.018520355,7.767279625,4.868495941,5.905341148,7.745261192,4.861793995,6.048130512,7.761913776,4.815517426,5.915553093]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02543{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347547687536,"flow_src_last_pkt_time":1499347557536513,"flow_dst_last_pkt_time":1499347556527820,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16419,"midstream":0,"thread_ts_usec":1499347557536513,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":124,"avg":602879.4,"max":3809547,"stddev":940726.8,"var":884966883328.0,"ent":3.7,"data": [124,686,3808906,3809547,3416,4144,1007073,1011285,4302,225901,229521,3769,1021770,1025776,4116,233969,238478,4482,1006263,1010669,4325,238452,243200,4543,1006668,1011166,4498,253524,257102,3581,1008005]},"pktlen": {"min":52,"avg":716.8,"max":1921,"stddev":755.7,"var":571097.9,"ent":4.2,"data": [60,60,52,637,52,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1921,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.638340950,5.106241703,4.969671726,6.036019325,4.969671726,7.763245583,5.022342682,5.918416023,7.743572712,4.906957626,6.001263142,7.780893326,4.906957626,5.904815674,7.746741772,4.983880997,6.035089493,7.783490658,4.983880997,5.917668343,7.744116783,4.945419312,6.018520355,7.767279625,4.868495941,5.905341148,7.745261192,4.861793995,6.048130512,7.761913776,4.815517426,5.915553093]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347557789292,"flow_src_last_pkt_time":1499347557789292,"flow_dst_last_pkt_time":1499347557789292,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347557789292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_src_last_pkt_time":1499347557789292,"flow_dst_last_pkt_time":1499347557789292,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347557789292,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82zBAAD4G6p+sEAABwKgKMuRkAFBn0PMDAAAAAKACchD2DAAAAgQFtAQCCAoBOygzAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":2,"flow_src_last_pkt_time":1499347557789292,"flow_dst_last_pkt_time":1499347557789349,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347557789349,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5GT+u1l1Z9DzBKAScSChLQAAAgQFtAQCCAoD5PmoATsoMwEDAwc="}
@@ -1973,17 +1973,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_src_last_pkt_time":1499347566719570,"flow_dst_last_pkt_time":1499347566719570,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347566719570,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bldAAD4GV3msEAABwKgKMuTEAFDBpl67AAAAAKACchAnZgAAAgQFtAQCCAoBOzDsAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5003,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":2,"flow_src_last_pkt_time":1499347566719570,"flow_dst_last_pkt_time":1499347566719693,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347566719693,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5MTiLAwhwaZevKAScSAzsQAAAgQFtAQCCAoD5QJhATsw7AEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":3,"flow_src_last_pkt_time":1499347566720308,"flow_dst_last_pkt_time":1499347566719693,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347566720308,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0blhAAD4GV4CsEAABwKgKMuTEAFDBpl684iwMIoAQAOXSuAAAAQEICgE7MOwD5QJh"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347432482096,"flow_src_last_pkt_time":1499347437734071,"flow_dst_last_pkt_time":1499347437733358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347432482096,"flow_src_last_pkt_time":1499347437734071,"flow_dst_last_pkt_time":1499347437733358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347432482096,"flow_src_last_pkt_time":1499347437734071,"flow_dst_last_pkt_time":1499347437733358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347433753548,"flow_src_last_pkt_time":1499347439734183,"flow_dst_last_pkt_time":1499347439733463,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347433753548,"flow_src_last_pkt_time":1499347439734183,"flow_dst_last_pkt_time":1499347439733463,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347433753548,"flow_src_last_pkt_time":1499347439734183,"flow_dst_last_pkt_time":1499347439733463,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347436274077,"flow_src_last_pkt_time":1499347441734581,"flow_dst_last_pkt_time":1499347441734060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347436274077,"flow_src_last_pkt_time":1499347441734581,"flow_dst_last_pkt_time":1499347441734060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347436274077,"flow_src_last_pkt_time":1499347441734581,"flow_dst_last_pkt_time":1499347441734060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347437541250,"flow_src_last_pkt_time":1499347442734557,"flow_dst_last_pkt_time":1499347442733973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347437541250,"flow_src_last_pkt_time":1499347442734557,"flow_dst_last_pkt_time":1499347442733973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347437541250,"flow_src_last_pkt_time":1499347442734557,"flow_dst_last_pkt_time":1499347442733973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347440119979,"flow_src_last_pkt_time":1499347445734698,"flow_dst_last_pkt_time":1499347445733991,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347440119979,"flow_src_last_pkt_time":1499347445734698,"flow_dst_last_pkt_time":1499347445733991,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347440119979,"flow_src_last_pkt_time":1499347445734698,"flow_dst_last_pkt_time":1499347445733991,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347441364438,"flow_src_last_pkt_time":1499347446735108,"flow_dst_last_pkt_time":1499347446734339,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347441364438,"flow_src_last_pkt_time":1499347446735108,"flow_dst_last_pkt_time":1499347446734339,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347441364438,"flow_src_last_pkt_time":1499347446735108,"flow_dst_last_pkt_time":1499347446734339,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347566770032,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347569321023,"flow_src_last_pkt_time":1499347569321023,"flow_dst_last_pkt_time":1499347569321023,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347569321023,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_src_last_pkt_time":1499347569321023,"flow_dst_last_pkt_time":1499347569321023,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347569321023,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8g25AAD4GQmKsEAABwKgKMuTeAFCWQ7AYAAAAAKACchD+xwAAAgQFtAQCCAoBOzN2AAAAAAEDAwc="}
@@ -2005,17 +2005,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_src_last_pkt_time":1499347575652327,"flow_dst_last_pkt_time":1499347575652327,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347575652327,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XdZAAD4GZ\/qsEAABwKgKMuUoAFDuGWRzAAAAAKACchDsHQAAAgQFtAQCCAoBOzmlAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":2,"flow_src_last_pkt_time":1499347575652327,"flow_dst_last_pkt_time":1499347575652445,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347575652445,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5Sh6374H7hlkdKAScSClFgAAAgQFtAQCCAoD5QsaATs5pQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5076,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":3,"flow_src_last_pkt_time":1499347575653228,"flow_dst_last_pkt_time":1499347575652445,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347575653228,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XddAAD4GaAGsEAABwKgKMuUoAFDuGWR0et++CIAQAOVEHgAAAQEICgE7OaUD5Qsa"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347442626484,"flow_src_last_pkt_time":1499347447735015,"flow_dst_last_pkt_time":1499347447734281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347442626484,"flow_src_last_pkt_time":1499347447735015,"flow_dst_last_pkt_time":1499347447734281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347442626484,"flow_src_last_pkt_time":1499347447735015,"flow_dst_last_pkt_time":1499347447734281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347445158780,"flow_src_last_pkt_time":1499347450735325,"flow_dst_last_pkt_time":1499347450734613,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347445158780,"flow_src_last_pkt_time":1499347450735325,"flow_dst_last_pkt_time":1499347450734613,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347445158780,"flow_src_last_pkt_time":1499347450735325,"flow_dst_last_pkt_time":1499347450734613,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347446419862,"flow_src_last_pkt_time":1499347451735984,"flow_dst_last_pkt_time":1499347451735435,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347446419862,"flow_src_last_pkt_time":1499347451735984,"flow_dst_last_pkt_time":1499347451735435,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347446419862,"flow_src_last_pkt_time":1499347451735984,"flow_dst_last_pkt_time":1499347451735435,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347447671102,"flow_src_last_pkt_time":1499347452736310,"flow_dst_last_pkt_time":1499347452735559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347447671102,"flow_src_last_pkt_time":1499347452736310,"flow_dst_last_pkt_time":1499347452735559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347447671102,"flow_src_last_pkt_time":1499347452736310,"flow_dst_last_pkt_time":1499347452735559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347450180333,"flow_src_last_pkt_time":1499347455736314,"flow_dst_last_pkt_time":1499347455735575,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347450180333,"flow_src_last_pkt_time":1499347455736314,"flow_dst_last_pkt_time":1499347455735575,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347450180333,"flow_src_last_pkt_time":1499347455736314,"flow_dst_last_pkt_time":1499347455735575,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347451427343,"flow_src_last_pkt_time":1499347456736578,"flow_dst_last_pkt_time":1499347456735843,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347451427343,"flow_src_last_pkt_time":1499347456736578,"flow_dst_last_pkt_time":1499347456735843,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347451427343,"flow_src_last_pkt_time":1499347456736578,"flow_dst_last_pkt_time":1499347456735843,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347576923024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347578164099,"flow_src_last_pkt_time":1499347578164099,"flow_dst_last_pkt_time":1499347578164099,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347578164099,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_src_last_pkt_time":1499347578164099,"flow_dst_last_pkt_time":1499347578164099,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347578164099,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86A1AAD4G3cKsEAABwKgKMuVCAFCbVdQUAAAAAKACchDMsgAAAgQFtAQCCAoBOzwZAAAAAAEDAwc="}
@@ -2041,17 +2041,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_src_last_pkt_time":1499347585744968,"flow_dst_last_pkt_time":1499347585744968,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347585744968,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CJdAAD4GvTmsEAABwKgKMuWUAFD9vEsXAAAAAKACchDrjwAAAgQFtAQCCAoBO0OAAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5163,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":2,"flow_src_last_pkt_time":1499347585744968,"flow_dst_last_pkt_time":1499347585745063,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347585745063,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ZQRxaCL\/bxLGKAScSAhRAAAAgQFtAQCCAoD5RT1ATtDgAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5165,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":3,"flow_src_last_pkt_time":1499347585746751,"flow_dst_last_pkt_time":1499347585745063,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347585746751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CJhAAD4GvUCsEAABwKgKMuWUAFD9vEsYEcWgjIAQAOXASwAAAQEICgE7Q4AD5RT1"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347452731179,"flow_src_last_pkt_time":1499347457736992,"flow_dst_last_pkt_time":1499347457736254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347452731179,"flow_src_last_pkt_time":1499347457736992,"flow_dst_last_pkt_time":1499347457736254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347452731179,"flow_src_last_pkt_time":1499347457736992,"flow_dst_last_pkt_time":1499347457736254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347455224754,"flow_src_last_pkt_time":1499347460737956,"flow_dst_last_pkt_time":1499347460737189,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347455224754,"flow_src_last_pkt_time":1499347460737956,"flow_dst_last_pkt_time":1499347460737189,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347455224754,"flow_src_last_pkt_time":1499347460737956,"flow_dst_last_pkt_time":1499347460737189,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347456462850,"flow_src_last_pkt_time":1499347461738025,"flow_dst_last_pkt_time":1499347461737496,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347456462850,"flow_src_last_pkt_time":1499347461738025,"flow_dst_last_pkt_time":1499347461737496,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347456462850,"flow_src_last_pkt_time":1499347461738025,"flow_dst_last_pkt_time":1499347461737496,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347457705792,"flow_src_last_pkt_time":1499347462738152,"flow_dst_last_pkt_time":1499347462737571,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347457705792,"flow_src_last_pkt_time":1499347462738152,"flow_dst_last_pkt_time":1499347462737571,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347457705792,"flow_src_last_pkt_time":1499347462738152,"flow_dst_last_pkt_time":1499347462737571,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347460253314,"flow_src_last_pkt_time":1499347465739178,"flow_dst_last_pkt_time":1499347465738453,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347460253314,"flow_src_last_pkt_time":1499347465739178,"flow_dst_last_pkt_time":1499347465738453,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347460253314,"flow_src_last_pkt_time":1499347465739178,"flow_dst_last_pkt_time":1499347465738453,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347461508506,"flow_src_last_pkt_time":1499347466739001,"flow_dst_last_pkt_time":1499347466738452,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347461508506,"flow_src_last_pkt_time":1499347466739001,"flow_dst_last_pkt_time":1499347466738452,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347461508506,"flow_src_last_pkt_time":1499347466739001,"flow_dst_last_pkt_time":1499347466738452,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347586996008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347588270699,"flow_src_last_pkt_time":1499347588270699,"flow_dst_last_pkt_time":1499347588270699,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347588270699,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_src_last_pkt_time":1499347588270699,"flow_dst_last_pkt_time":1499347588270699,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347588270699,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nX9AAD4GKFGsEAABwKgKMuWuAFBMCdiIAAAAAKACchANQQAAAgQFtAQCCAoBO0X3AAAAAAEDAwc="}
@@ -2077,19 +2077,19 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_src_last_pkt_time":1499347597121690,"flow_dst_last_pkt_time":1499347597121690,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347597121690,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Xm5AAD4GZ2KsEAABwKgKMuYMAFDbqxDyAAAAAKACchA8MgAAAgQFtAQCCAoBO06cAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5254,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":2,"flow_src_last_pkt_time":1499347597121690,"flow_dst_last_pkt_time":1499347597121785,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347597121785,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5gw3EDJr26sQ86AScSCvnwAAAgQFtAQCCAoD5SARATtOnAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5255,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":3,"flow_src_last_pkt_time":1499347597122377,"flow_dst_last_pkt_time":1499347597121785,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347597122377,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Xm9AAD4GZ2msEAABwKgKMuYMAFDbqxDzNxAybIAQAOVOpwAAAQEICgE7TpwD5SAR"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347462759503,"flow_src_last_pkt_time":1499347468740981,"flow_dst_last_pkt_time":1499347468740222,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347462759503,"flow_src_last_pkt_time":1499347468740981,"flow_dst_last_pkt_time":1499347468740222,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347462759503,"flow_src_last_pkt_time":1499347468740981,"flow_dst_last_pkt_time":1499347468740222,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347465304654,"flow_src_last_pkt_time":1499347470740733,"flow_dst_last_pkt_time":1499347470740153,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347465304654,"flow_src_last_pkt_time":1499347470740733,"flow_dst_last_pkt_time":1499347470740153,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347465304654,"flow_src_last_pkt_time":1499347470740733,"flow_dst_last_pkt_time":1499347470740153,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347466553593,"flow_src_last_pkt_time":1499347471741417,"flow_dst_last_pkt_time":1499347471740710,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347466553593,"flow_src_last_pkt_time":1499347471741417,"flow_dst_last_pkt_time":1499347471740710,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347466553593,"flow_src_last_pkt_time":1499347471741417,"flow_dst_last_pkt_time":1499347471740710,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347467793906,"flow_src_last_pkt_time":1499347473742219,"flow_dst_last_pkt_time":1499347473741670,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347467793906,"flow_src_last_pkt_time":1499347473742219,"flow_dst_last_pkt_time":1499347473741670,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347467793906,"flow_src_last_pkt_time":1499347473742219,"flow_dst_last_pkt_time":1499347473741670,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347469060900,"flow_src_last_pkt_time":1499347474742557,"flow_dst_last_pkt_time":1499347474741789,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347469060900,"flow_src_last_pkt_time":1499347474742557,"flow_dst_last_pkt_time":1499347474741789,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347469060900,"flow_src_last_pkt_time":1499347474742557,"flow_dst_last_pkt_time":1499347474741789,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347470328150,"flow_src_last_pkt_time":1499347475742620,"flow_dst_last_pkt_time":1499347475742120,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347470328150,"flow_src_last_pkt_time":1499347475742620,"flow_dst_last_pkt_time":1499347475742120,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347470328150,"flow_src_last_pkt_time":1499347475742620,"flow_dst_last_pkt_time":1499347475742120,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347471594015,"flow_src_last_pkt_time":1499347476742942,"flow_dst_last_pkt_time":1499347476742396,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347471594015,"flow_src_last_pkt_time":1499347476742942,"flow_dst_last_pkt_time":1499347476742396,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347471594015,"flow_src_last_pkt_time":1499347476742942,"flow_dst_last_pkt_time":1499347476742396,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347597780448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347598383395,"flow_src_last_pkt_time":1499347598383395,"flow_dst_last_pkt_time":1499347598383395,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347598383395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_src_last_pkt_time":1499347598383395,"flow_dst_last_pkt_time":1499347598383395,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347598383395,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jLdAAD4GORmsEAABwKgKMuYaAFCJpsNgAAAAAKACchDafwAAAgQFtAQCCAoBO0\/XAAAAAAEDAwc="}
@@ -2119,18 +2119,18 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_src_last_pkt_time":1499347607344496,"flow_dst_last_pkt_time":1499347607344496,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347607344496,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8neJAAD4GJ+6sEAABwKgKMuZ6AFBKtMV6AAAAAKACchAONwAAAgQFtAQCCAoBO1iYAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5342,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":2,"flow_src_last_pkt_time":1499347607344496,"flow_dst_last_pkt_time":1499347607344622,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347607344622,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5nrlgxvESrTFe6AScSDf2wAAAgQFtAQCCAoD5SoNATtYmAEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5343,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":3,"flow_src_last_pkt_time":1499347607345382,"flow_dst_last_pkt_time":1499347607344622,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347607345382,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0neNAAD4GJ\/WsEAABwKgKMuZ6AFBKtMV75YMbxYAQAOV+4wAAAQEICgE7WJgD5SoN"}
-01137{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347419786749,"flow_src_last_pkt_time":1499347486791946,"flow_dst_last_pkt_time":1499347486791993,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183696,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347474100876,"flow_src_last_pkt_time":1499347479744191,"flow_dst_last_pkt_time":1499347479743593,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01291{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347419786749,"flow_src_last_pkt_time":1499347486791946,"flow_dst_last_pkt_time":1499347486791993,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183696,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347474100876,"flow_src_last_pkt_time":1499347479744191,"flow_dst_last_pkt_time":1499347479743593,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347474100876,"flow_src_last_pkt_time":1499347479744191,"flow_dst_last_pkt_time":1499347479743593,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347475384590,"flow_src_last_pkt_time":1499347480745154,"flow_dst_last_pkt_time":1499347480744297,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347475384590,"flow_src_last_pkt_time":1499347480745154,"flow_dst_last_pkt_time":1499347480744297,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347475384590,"flow_src_last_pkt_time":1499347480745154,"flow_dst_last_pkt_time":1499347480744297,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347476667031,"flow_src_last_pkt_time":1499347481745315,"flow_dst_last_pkt_time":1499347481744593,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347476667031,"flow_src_last_pkt_time":1499347481745315,"flow_dst_last_pkt_time":1499347481744593,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347476667031,"flow_src_last_pkt_time":1499347481745315,"flow_dst_last_pkt_time":1499347481744593,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347479172502,"flow_src_last_pkt_time":1499347484745937,"flow_dst_last_pkt_time":1499347484745157,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347479172502,"flow_src_last_pkt_time":1499347484745937,"flow_dst_last_pkt_time":1499347484745157,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347479172502,"flow_src_last_pkt_time":1499347484745937,"flow_dst_last_pkt_time":1499347484745157,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347480438728,"flow_src_last_pkt_time":1499347485746567,"flow_dst_last_pkt_time":1499347485745839,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347480438728,"flow_src_last_pkt_time":1499347485746567,"flow_dst_last_pkt_time":1499347485745839,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347480438728,"flow_src_last_pkt_time":1499347485746567,"flow_dst_last_pkt_time":1499347485745839,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347481724497,"flow_src_last_pkt_time":1499347486747274,"flow_dst_last_pkt_time":1499347486746698,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347481724497,"flow_src_last_pkt_time":1499347486747274,"flow_dst_last_pkt_time":1499347486746698,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347481724497,"flow_src_last_pkt_time":1499347486747274,"flow_dst_last_pkt_time":1499347486746698,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347607783132,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347608596103,"flow_src_last_pkt_time":1499347608596103,"flow_dst_last_pkt_time":1499347608596103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347608596103,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_src_last_pkt_time":1499347608596103,"flow_dst_last_pkt_time":1499347608596103,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347608596103,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UBJAAD4Gdb6sEAABwKgKMuaIAFDT6AnDAAAAAKACchA\/cwAAAgQFtAQCCAoBO1nRAAAAAAEDAwc="}
@@ -2148,7 +2148,7 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_src_last_pkt_time":1499347613718984,"flow_dst_last_pkt_time":1499347613718984,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347613718984,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VmlAAD4Gb2esEAABwKgKMua+AFCqCgi7AAAAAKACchBlIgAAAgQFtAQCCAoBO17SAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5401,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":2,"flow_src_last_pkt_time":1499347613718984,"flow_dst_last_pkt_time":1499347613719118,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347613719118,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5r4KHPZlqgoIvKAScSAxUwAAAgQFtAQCCAoD5TBHATte0gEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5402,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":3,"flow_src_last_pkt_time":1499347613719991,"flow_dst_last_pkt_time":1499347613719118,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347613719991,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VmpAAD4Gb26sEAABwKgKMua+AFCqCgi8Chz2ZoAQAOXQWgAAAQEICgE7XtID5TBH"}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5418,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347611162032,"flow_src_last_pkt_time":1499347615984897,"flow_dst_last_pkt_time":1499347611162175,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347615984897,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5418,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347611162032,"flow_src_last_pkt_time":1499347615984897,"flow_dst_last_pkt_time":1499347611162175,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347615984897,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347616210936,"flow_src_last_pkt_time":1499347616210936,"flow_dst_last_pkt_time":1499347616210936,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347616210936,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_src_last_pkt_time":1499347616210936,"flow_dst_last_pkt_time":1499347616210936,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347616210936,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YLdAAD4GZRmsEAABwKgKMubYAFBJnwH3AAAAAKACchDJyQAAAgQFtAQCCAoBO2FAAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":2,"flow_src_last_pkt_time":1499347616210936,"flow_dst_last_pkt_time":1499347616211064,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347616211064,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5thWFuJlSZ8B+KAScSBbkQAAAgQFtAQCCAoD5TK2ATthQAEDAwc="}
@@ -2157,19 +2157,19 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5432,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_src_last_pkt_time":1499347617491735,"flow_dst_last_pkt_time":1499347617491735,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347617491735,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VDpAAD4GcZasEAABwKgKMubmAFD8gja7AAAAAKACchDg0gAAAgQFtAQCCAoBO2KBAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":2,"flow_src_last_pkt_time":1499347617491735,"flow_dst_last_pkt_time":1499347617491896,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347617491896,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ubMDNHo\/II2vKAScSAL4QAAAgQFtAQCCAoD5TP2ATtigQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":3,"flow_src_last_pkt_time":1499347617492438,"flow_dst_last_pkt_time":1499347617491896,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347617492438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VDtAAD4GcZ2sEAABwKgKMubmAFD8gja8zAzR6YAQAOWq6AAAAQEICgE7YoED5TP2"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347485533871,"flow_src_last_pkt_time":1499347490747948,"flow_dst_last_pkt_time":1499347490747436,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347617785866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347485533871,"flow_src_last_pkt_time":1499347490747948,"flow_dst_last_pkt_time":1499347490747436,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347617785866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347485533871,"flow_src_last_pkt_time":1499347490747948,"flow_dst_last_pkt_time":1499347490747436,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347617785866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347486787088,"flow_src_last_pkt_time":1499347492748434,"flow_dst_last_pkt_time":1499347492747882,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347617785866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347486787088,"flow_src_last_pkt_time":1499347492748434,"flow_dst_last_pkt_time":1499347492747882,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347617785866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347486787088,"flow_src_last_pkt_time":1499347492748434,"flow_dst_last_pkt_time":1499347492747882,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347617785866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347489408846,"flow_src_last_pkt_time":1499347494749389,"flow_dst_last_pkt_time":1499347494748600,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347617785866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347489408846,"flow_src_last_pkt_time":1499347494749389,"flow_dst_last_pkt_time":1499347494748600,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347617785866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347489408846,"flow_src_last_pkt_time":1499347494749389,"flow_dst_last_pkt_time":1499347494748600,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347617785866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347490659748,"flow_src_last_pkt_time":1499347495749659,"flow_dst_last_pkt_time":1499347495748941,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347617785866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347490659748,"flow_src_last_pkt_time":1499347495749659,"flow_dst_last_pkt_time":1499347495748941,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347617785866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347490659748,"flow_src_last_pkt_time":1499347495749659,"flow_dst_last_pkt_time":1499347495748941,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347617785866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347618757865,"flow_src_last_pkt_time":1499347618757865,"flow_dst_last_pkt_time":1499347618757865,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347618757865,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_src_last_pkt_time":1499347618757865,"flow_dst_last_pkt_time":1499347618757865,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347618757865,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UcRAAD4GdAysEAABwKgKMub0AFCevDJ5AAAAAKACchBBkQAAAgQFtAQCCAoBO2O9AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5445,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":2,"flow_src_last_pkt_time":1499347618757865,"flow_dst_last_pkt_time":1499347618757988,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347618757988,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5vRXo2m0nrwyeqAScSBIAQAAAgQFtAQCCAoD5TUyATtjvQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5446,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":3,"flow_src_last_pkt_time":1499347618758844,"flow_dst_last_pkt_time":1499347618757988,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347618758844,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UcVAAD4GdBOsEAABwKgKMub0AFCevDJ6V6NptYAQAOXnBwAAAQEICgE7Y74D5TUy"}
-02292{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":5461,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347611162032,"flow_src_last_pkt_time":1499347621032822,"flow_dst_last_pkt_time":1499347621031071,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4255,"flow_dst_tot_l4_payload_len":16323,"midstream":0,"thread_ts_usec":1499347621032822,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":143,"avg":636768.6,"max":4822860,"stddev":1172576.8,"var":1374936236032.0,"ent":3.4,"data": [143,1062,4821803,4822860,2874,5990,221999,227886,4985,1013,1004953,1011219,4071,265484,269299,3619,1019861,1023488,4016,238184,242252,4785,1005968,1010668,4015,237942,242400,5048,1010956,1015950,5036]},"pktlen": {"min":52,"avg":695.6,"max":1921,"stddev":759.8,"var":577334.1,"ent":4.1,"data": [60,60,52,435,52,1823,52,637,1921,52,52,435,1822,52,637,1919,52,435,1822,52,637,1921,52,435,1822,52,637,1919,52,435,1822,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0],"entropies": [4.638340950,5.106241703,4.931210041,5.869386673,4.815825462,7.741599560,4.861793995,5.992467880,7.779530048,4.892440796,4.892440796,5.846882820,7.743978024,4.906957626,6.006172180,7.770215034,4.945419312,5.875662804,7.742156029,4.830034256,6.027259350,7.759240150,4.906957626,5.861507416,7.742101192,4.868495941,5.986130238,7.747363091,4.983880997,5.861079216,7.737266064,4.983880997]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02446{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":5461,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347611162032,"flow_src_last_pkt_time":1499347621032822,"flow_dst_last_pkt_time":1499347621031071,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4255,"flow_dst_tot_l4_payload_len":16323,"midstream":0,"thread_ts_usec":1499347621032822,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":143,"avg":636768.6,"max":4822860,"stddev":1172576.8,"var":1374936236032.0,"ent":3.4,"data": [143,1062,4821803,4822860,2874,5990,221999,227886,4985,1013,1004953,1011219,4071,265484,269299,3619,1019861,1023488,4016,238184,242252,4785,1005968,1010668,4015,237942,242400,5048,1010956,1015950,5036]},"pktlen": {"min":52,"avg":695.6,"max":1921,"stddev":759.8,"var":577334.1,"ent":4.1,"data": [60,60,52,435,52,1823,52,637,1921,52,52,435,1822,52,637,1919,52,435,1822,52,637,1921,52,435,1822,52,637,1919,52,435,1822,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0],"entropies": [4.638340950,5.106241703,4.931210041,5.869386673,4.815825462,7.741599560,4.861793995,5.992467880,7.779530048,4.892440796,4.892440796,5.846882820,7.743978024,4.906957626,6.006172180,7.770215034,4.945419312,5.875662804,7.742156029,4.830034256,6.027259350,7.759240150,4.906957626,5.861507416,7.742101192,4.868495941,5.986130238,7.747363091,4.983880997,5.861079216,7.737266064,4.983880997]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5462,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347621256083,"flow_src_last_pkt_time":1499347621256083,"flow_dst_last_pkt_time":1499347621256083,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347621256083,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5462,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_src_last_pkt_time":1499347621256083,"flow_dst_last_pkt_time":1499347621256083,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347621256083,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Hc9AAD4GqAGsEAABwKgKMucOAFD+NnvhAAAAAKACchCWIwAAAgQFtAQCCAoBO2YuAAAAAAEDAwc="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":2,"flow_src_last_pkt_time":1499347621256083,"flow_dst_last_pkt_time":1499347621256213,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347621256213,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5w6DP0I9\/jZ74qAScSCV\/QAAAgQFtAQCCAoD5TejATtmLgEDAwc="}
@@ -2194,17 +2194,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_src_last_pkt_time":1499347627616552,"flow_dst_last_pkt_time":1499347627616552,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347627616552,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GbxAAD4GrBSsEAABwKgKMudUAFBilXXYAAAAAKACchAxUgAAAgQFtAQCCAoBO2xkAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":2,"flow_src_last_pkt_time":1499347627616552,"flow_dst_last_pkt_time":1499347627616713,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347627616713,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ51QwQXQsYpV12aAScSBMBQAAAgQFtAQCCAoD5T3ZATtsZAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5524,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":3,"flow_src_last_pkt_time":1499347627617592,"flow_dst_last_pkt_time":1499347627616713,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347627617592,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gb1AAD4GrBusEAABwKgKMudUAFBilXXZMEF0LYAQAOXrDAAAAQEICgE7bGQD5T3Z"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347493167254,"flow_src_last_pkt_time":1499347498750009,"flow_dst_last_pkt_time":1499347498749269,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347493167254,"flow_src_last_pkt_time":1499347498750009,"flow_dst_last_pkt_time":1499347498749269,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347493167254,"flow_src_last_pkt_time":1499347498750009,"flow_dst_last_pkt_time":1499347498749269,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347494446547,"flow_src_last_pkt_time":1499347499749657,"flow_dst_last_pkt_time":1499347499749136,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347494446547,"flow_src_last_pkt_time":1499347499749657,"flow_dst_last_pkt_time":1499347499749136,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347494446547,"flow_src_last_pkt_time":1499347499749657,"flow_dst_last_pkt_time":1499347499749136,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347495714214,"flow_src_last_pkt_time":1499347500750258,"flow_dst_last_pkt_time":1499347500749492,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347495714214,"flow_src_last_pkt_time":1499347500750258,"flow_dst_last_pkt_time":1499347500749492,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347495714214,"flow_src_last_pkt_time":1499347500750258,"flow_dst_last_pkt_time":1499347500749492,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347498249443,"flow_src_last_pkt_time":1499347503750094,"flow_dst_last_pkt_time":1499347503749319,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347498249443,"flow_src_last_pkt_time":1499347503750094,"flow_dst_last_pkt_time":1499347503749319,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347498249443,"flow_src_last_pkt_time":1499347503750094,"flow_dst_last_pkt_time":1499347503749319,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347499500526,"flow_src_last_pkt_time":1499347504749974,"flow_dst_last_pkt_time":1499347504749423,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347499500526,"flow_src_last_pkt_time":1499347504749974,"flow_dst_last_pkt_time":1499347504749423,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347499500526,"flow_src_last_pkt_time":1499347504749974,"flow_dst_last_pkt_time":1499347504749423,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347500770126,"flow_src_last_pkt_time":1499347506751057,"flow_dst_last_pkt_time":1499347506750532,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347500770126,"flow_src_last_pkt_time":1499347506751057,"flow_dst_last_pkt_time":1499347506750532,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347500770126,"flow_src_last_pkt_time":1499347506751057,"flow_dst_last_pkt_time":1499347506750532,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347627790090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347630130498,"flow_src_last_pkt_time":1499347630130498,"flow_dst_last_pkt_time":1499347630130498,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347630130498,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_src_last_pkt_time":1499347630130498,"flow_dst_last_pkt_time":1499347630130498,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347630130498,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rFRAAD4GGXysEAABwKgKMuduAFDOysKMAAAAAKACchB12gAAAgQFtAQCCAoBO27YAAAAAAEDAwc="}
@@ -2230,17 +2230,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_src_last_pkt_time":1499347637687348,"flow_dst_last_pkt_time":1499347637687348,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347637687348,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W0xAAD4GaoSsEAABwKgKMufAAFAySC12AAAAAKACchCfvwAAAgQFtAQCCAoBO3Y6AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5612,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":2,"flow_src_last_pkt_time":1499347637687348,"flow_dst_last_pkt_time":1499347637687451,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347637687451,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ58BffWshMkgtd6AScSCKawAAAgQFtAQCCAoD5UevATt2OgEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":3,"flow_src_last_pkt_time":1499347637688298,"flow_dst_last_pkt_time":1499347637687451,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347637688298,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W01AAD4GaousEAABwKgKMufAAFAySC13X31rIoAQAOUpcwAAAQEICgE7djoD5Uev"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347503273427,"flow_src_last_pkt_time":1499347508751424,"flow_dst_last_pkt_time":1499347508750892,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347503273427,"flow_src_last_pkt_time":1499347508751424,"flow_dst_last_pkt_time":1499347508750892,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347503273427,"flow_src_last_pkt_time":1499347508751424,"flow_dst_last_pkt_time":1499347508750892,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347504529243,"flow_src_last_pkt_time":1499347509751977,"flow_dst_last_pkt_time":1499347509751265,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347504529243,"flow_src_last_pkt_time":1499347509751977,"flow_dst_last_pkt_time":1499347509751265,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347504529243,"flow_src_last_pkt_time":1499347509751977,"flow_dst_last_pkt_time":1499347509751265,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347505774649,"flow_src_last_pkt_time":1499347511753005,"flow_dst_last_pkt_time":1499347511752491,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347505774649,"flow_src_last_pkt_time":1499347511753005,"flow_dst_last_pkt_time":1499347511752491,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347505774649,"flow_src_last_pkt_time":1499347511753005,"flow_dst_last_pkt_time":1499347511752491,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347508344616,"flow_src_last_pkt_time":1499347513753618,"flow_dst_last_pkt_time":1499347513752856,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347508344616,"flow_src_last_pkt_time":1499347513753618,"flow_dst_last_pkt_time":1499347513752856,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347508344616,"flow_src_last_pkt_time":1499347513753618,"flow_dst_last_pkt_time":1499347513752856,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347509601559,"flow_src_last_pkt_time":1499347514754032,"flow_dst_last_pkt_time":1499347514753317,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347509601559,"flow_src_last_pkt_time":1499347514754032,"flow_dst_last_pkt_time":1499347514753317,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347509601559,"flow_src_last_pkt_time":1499347514754032,"flow_dst_last_pkt_time":1499347514753317,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347512081528,"flow_src_last_pkt_time":1499347517753952,"flow_dst_last_pkt_time":1499347517753427,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347512081528,"flow_src_last_pkt_time":1499347517753952,"flow_dst_last_pkt_time":1499347517753427,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347512081528,"flow_src_last_pkt_time":1499347517753952,"flow_dst_last_pkt_time":1499347517753427,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347637795320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347640199189,"flow_src_last_pkt_time":1499347640199189,"flow_dst_last_pkt_time":1499347640199189,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347640199189,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_src_last_pkt_time":1499347640199189,"flow_dst_last_pkt_time":1499347640199189,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347640199189,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81CZAAD4G8amsEAABwKgKMufaAFCvK6yIAAAAAKACchChOwAAAgQFtAQCCAoBO3iuAAAAAAEDAwc="}
@@ -2266,17 +2266,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_src_last_pkt_time":1499347647733010,"flow_dst_last_pkt_time":1499347647733010,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347647733010,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cdhAAD4GU\/isEAABwKgKMugsAFDFxvHRAAAAAKACchA9qgAAAgQFtAQCCAoBO4AJAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":2,"flow_src_last_pkt_time":1499347647733010,"flow_dst_last_pkt_time":1499347647733148,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347647733148,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6CyQ1\/Exxcbx0qAScSBnHAAAAgQFtAQCCAoD5VF+ATuACQEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5699,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":3,"flow_src_last_pkt_time":1499347647734039,"flow_dst_last_pkt_time":1499347647733148,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347647734039,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cdlAAD4GU\/+sEAABwKgKMugsAFDFxvHSkNfxMoAQAOUGJAAAAQEICgE7gAkD5VF+"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347513353022,"flow_src_last_pkt_time":1499347518754021,"flow_dst_last_pkt_time":1499347518753364,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347513353022,"flow_src_last_pkt_time":1499347518754021,"flow_dst_last_pkt_time":1499347518753364,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347513353022,"flow_src_last_pkt_time":1499347518754021,"flow_dst_last_pkt_time":1499347518753364,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347514648083,"flow_src_last_pkt_time":1499347519754244,"flow_dst_last_pkt_time":1499347519753667,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347514648083,"flow_src_last_pkt_time":1499347519754244,"flow_dst_last_pkt_time":1499347519753667,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347514648083,"flow_src_last_pkt_time":1499347519754244,"flow_dst_last_pkt_time":1499347519753667,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347517171667,"flow_src_last_pkt_time":1499347522754994,"flow_dst_last_pkt_time":1499347522754253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347517171667,"flow_src_last_pkt_time":1499347522754994,"flow_dst_last_pkt_time":1499347522754253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347517171667,"flow_src_last_pkt_time":1499347522754994,"flow_dst_last_pkt_time":1499347522754253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347518410024,"flow_src_last_pkt_time":1499347523754954,"flow_dst_last_pkt_time":1499347523754433,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347518410024,"flow_src_last_pkt_time":1499347523754954,"flow_dst_last_pkt_time":1499347523754433,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347518410024,"flow_src_last_pkt_time":1499347523754954,"flow_dst_last_pkt_time":1499347523754433,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347519679510,"flow_src_last_pkt_time":1499347524756530,"flow_dst_last_pkt_time":1499347524755987,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347519679510,"flow_src_last_pkt_time":1499347524756530,"flow_dst_last_pkt_time":1499347524755987,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347519679510,"flow_src_last_pkt_time":1499347524756530,"flow_dst_last_pkt_time":1499347524755987,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347522204574,"flow_src_last_pkt_time":1499347527756867,"flow_dst_last_pkt_time":1499347527756132,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347522204574,"flow_src_last_pkt_time":1499347527756867,"flow_dst_last_pkt_time":1499347527756132,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347522204574,"flow_src_last_pkt_time":1499347527756867,"flow_dst_last_pkt_time":1499347527756132,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347647795042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347650289951,"flow_src_last_pkt_time":1499347650289951,"flow_dst_last_pkt_time":1499347650289951,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347650289951,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_src_last_pkt_time":1499347650289951,"flow_dst_last_pkt_time":1499347650289951,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347650289951,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qjtAAD4GG5WsEAABwKgKMuhGAFAFSiizAAAAAKACchDErAAAAgQFtAQCCAoBO4KIAAAAAAEDAwc="}
@@ -2298,19 +2298,19 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_src_last_pkt_time":1499347656622725,"flow_dst_last_pkt_time":1499347656622725,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347656622725,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83x1AAD4G5rKsEAABwKgKMuiKAFBnH1eqAAAAAKACchAtbQAAAgQFtAQCCAoBO4i3AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":2,"flow_src_last_pkt_time":1499347656622725,"flow_dst_last_pkt_time":1499347656622884,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347656622884,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6Ios50nrZx9Xq6AScSBZZwAAAgQFtAQCCAoD5VotATuItwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5772,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":3,"flow_src_last_pkt_time":1499347656624773,"flow_dst_last_pkt_time":1499347656622884,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347656624773,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03x5AAD4G5rmsEAABwKgKMuiKAFBnH1erLOdJ7IAQAOX4bQAAAQEICgE7iLgD5Vot"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347523488657,"flow_src_last_pkt_time":1499347528757929,"flow_dst_last_pkt_time":1499347528757192,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347523488657,"flow_src_last_pkt_time":1499347528757929,"flow_dst_last_pkt_time":1499347528757192,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347523488657,"flow_src_last_pkt_time":1499347528757929,"flow_dst_last_pkt_time":1499347528757192,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347524782374,"flow_src_last_pkt_time":1499347530758629,"flow_dst_last_pkt_time":1499347530758099,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347524782374,"flow_src_last_pkt_time":1499347530758629,"flow_dst_last_pkt_time":1499347530758099,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347524782374,"flow_src_last_pkt_time":1499347530758629,"flow_dst_last_pkt_time":1499347530758099,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347526155708,"flow_src_last_pkt_time":1499347531758921,"flow_dst_last_pkt_time":1499347531758401,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347526155708,"flow_src_last_pkt_time":1499347531758921,"flow_dst_last_pkt_time":1499347531758401,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347526155708,"flow_src_last_pkt_time":1499347531758921,"flow_dst_last_pkt_time":1499347531758401,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347527425398,"flow_src_last_pkt_time":1499347532758830,"flow_dst_last_pkt_time":1499347532758249,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347527425398,"flow_src_last_pkt_time":1499347532758830,"flow_dst_last_pkt_time":1499347532758249,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347527425398,"flow_src_last_pkt_time":1499347532758830,"flow_dst_last_pkt_time":1499347532758249,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347528679590,"flow_src_last_pkt_time":1499347533759097,"flow_dst_last_pkt_time":1499347533758393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347528679590,"flow_src_last_pkt_time":1499347533759097,"flow_dst_last_pkt_time":1499347533758393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347528679590,"flow_src_last_pkt_time":1499347533759097,"flow_dst_last_pkt_time":1499347533758393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347531303327,"flow_src_last_pkt_time":1499347536759993,"flow_dst_last_pkt_time":1499347536759262,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347531303327,"flow_src_last_pkt_time":1499347536759993,"flow_dst_last_pkt_time":1499347536759262,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347531303327,"flow_src_last_pkt_time":1499347536759993,"flow_dst_last_pkt_time":1499347536759262,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347532560706,"flow_src_last_pkt_time":1499347537760178,"flow_dst_last_pkt_time":1499347537759631,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347532560706,"flow_src_last_pkt_time":1499347537760178,"flow_dst_last_pkt_time":1499347537759631,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347532560706,"flow_src_last_pkt_time":1499347537760178,"flow_dst_last_pkt_time":1499347537759631,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347657882769,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347659123688,"flow_src_last_pkt_time":1499347659123688,"flow_dst_last_pkt_time":1499347659123688,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347659123688,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_src_last_pkt_time":1499347659123688,"flow_dst_last_pkt_time":1499347659123688,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347659123688,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8x6pAAD4G\/iWsEAABwKgKMuikAFB+qkyDAAAAAKACchAefQAAAgQFtAQCCAoBO4spAAAAAAEDAwc="}
@@ -2336,17 +2336,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_src_last_pkt_time":1499347668069390,"flow_dst_last_pkt_time":1499347668069390,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347668069390,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TE1AAD4GeYOsEAABwKgKMukCAFANB9+oAAAAAKACchDz4AAAAgQFtAQCCAoBO5PlAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5865,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":2,"flow_src_last_pkt_time":1499347668069390,"flow_dst_last_pkt_time":1499347668069518,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347668069518,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6QI2lo7HDQffqaAScSDGIgAAAgQFtAQCCAoD5WVaATuT5QEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5866,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":3,"flow_src_last_pkt_time":1499347668070042,"flow_dst_last_pkt_time":1499347668069518,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347668070042,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TE5AAD4GeYqsEAABwKgKMukCAFANB9+pNpaOyIAQAOVlKQAAAQEICgE7k+YD5WVa"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347535081002,"flow_src_last_pkt_time":1499347540761481,"flow_dst_last_pkt_time":1499347540760745,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347535081002,"flow_src_last_pkt_time":1499347540761481,"flow_dst_last_pkt_time":1499347540760745,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347535081002,"flow_src_last_pkt_time":1499347540761481,"flow_dst_last_pkt_time":1499347540760745,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347536332683,"flow_src_last_pkt_time":1499347541761799,"flow_dst_last_pkt_time":1499347541761246,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347536332683,"flow_src_last_pkt_time":1499347541761799,"flow_dst_last_pkt_time":1499347541761246,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347536332683,"flow_src_last_pkt_time":1499347541761799,"flow_dst_last_pkt_time":1499347541761246,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347537591583,"flow_src_last_pkt_time":1499347542762044,"flow_dst_last_pkt_time":1499347542761297,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347537591583,"flow_src_last_pkt_time":1499347542762044,"flow_dst_last_pkt_time":1499347542761297,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347537591583,"flow_src_last_pkt_time":1499347542762044,"flow_dst_last_pkt_time":1499347542761297,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347540145495,"flow_src_last_pkt_time":1499347545763383,"flow_dst_last_pkt_time":1499347545762631,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347540145495,"flow_src_last_pkt_time":1499347545763383,"flow_dst_last_pkt_time":1499347545762631,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347540145495,"flow_src_last_pkt_time":1499347545763383,"flow_dst_last_pkt_time":1499347545762631,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347541398414,"flow_src_last_pkt_time":1499347546763246,"flow_dst_last_pkt_time":1499347546762530,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347541398414,"flow_src_last_pkt_time":1499347546763246,"flow_dst_last_pkt_time":1499347546762530,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347541398414,"flow_src_last_pkt_time":1499347546763246,"flow_dst_last_pkt_time":1499347546762530,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347542648815,"flow_src_last_pkt_time":1499347547763350,"flow_dst_last_pkt_time":1499347547762738,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347542648815,"flow_src_last_pkt_time":1499347547763350,"flow_dst_last_pkt_time":1499347547762738,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347542648815,"flow_src_last_pkt_time":1499347547763350,"flow_dst_last_pkt_time":1499347547762738,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347668074434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347669336569,"flow_src_last_pkt_time":1499347669336569,"flow_dst_last_pkt_time":1499347669336569,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347669336569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_src_last_pkt_time":1499347669336569,"flow_dst_last_pkt_time":1499347669336569,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347669336569,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XbZAAD4GaBqsEAABwKgKMukQAFClPsiUAAAAAKACchBxcgAAAgQFtAQCCAoBO5UiAAAAAAEDAwc="}
@@ -2372,22 +2372,22 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_src_last_pkt_time":1499347678198689,"flow_dst_last_pkt_time":1499347678198689,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347678198689,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86nhAAD4G21esEAABwKgKMuluAFCn23eyAAAAAKACchC2sQAAAgQFtAQCCAoBO53KAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":2,"flow_src_last_pkt_time":1499347678198689,"flow_dst_last_pkt_time":1499347678198840,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347678198840,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6W5MMi3pp9t3s6AScSDKUAAAAgQFtAQCCAoD5W8\/ATudygEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":3,"flow_src_last_pkt_time":1499347678199565,"flow_dst_last_pkt_time":1499347678198840,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347678199565,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06nlAAD4G216sEAABwKgKMuluAFCn23ezTDIt6oAQAOVpWAAAAQEICgE7ncoD5W8\/"}
-01041{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":106,"flow_first_seen":1499347484263170,"flow_src_last_pkt_time":1499347551239213,"flow_dst_last_pkt_time":1499347551239291,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183586,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347545176704,"flow_src_last_pkt_time":1499347550764013,"flow_dst_last_pkt_time":1499347550763225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01195{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":106,"flow_first_seen":1499347484263170,"flow_src_last_pkt_time":1499347551239213,"flow_dst_last_pkt_time":1499347551239291,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183586,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347545176704,"flow_src_last_pkt_time":1499347550764013,"flow_dst_last_pkt_time":1499347550763225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347545176704,"flow_src_last_pkt_time":1499347550764013,"flow_dst_last_pkt_time":1499347550763225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347546427962,"flow_src_last_pkt_time":1499347551497713,"flow_dst_last_pkt_time":1499347551497275,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347546427962,"flow_src_last_pkt_time":1499347551497713,"flow_dst_last_pkt_time":1499347551497275,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347546427962,"flow_src_last_pkt_time":1499347551497713,"flow_dst_last_pkt_time":1499347551497275,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347550209719,"flow_src_last_pkt_time":1499347555765997,"flow_dst_last_pkt_time":1499347555765264,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347550209719,"flow_src_last_pkt_time":1499347555765997,"flow_dst_last_pkt_time":1499347555765264,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347550209719,"flow_src_last_pkt_time":1499347555765997,"flow_dst_last_pkt_time":1499347555765264,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347551495961,"flow_src_last_pkt_time":1499347556766549,"flow_dst_last_pkt_time":1499347556765808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347551495961,"flow_src_last_pkt_time":1499347556766549,"flow_dst_last_pkt_time":1499347556765808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347551495961,"flow_src_last_pkt_time":1499347556766549,"flow_dst_last_pkt_time":1499347556765808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347552736899,"flow_src_last_pkt_time":1499347557766523,"flow_dst_last_pkt_time":1499347557765980,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347552736899,"flow_src_last_pkt_time":1499347557766523,"flow_dst_last_pkt_time":1499347557765980,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347552736899,"flow_src_last_pkt_time":1499347557766523,"flow_dst_last_pkt_time":1499347557765980,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347678804824,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347679469718,"flow_src_last_pkt_time":1499347679469718,"flow_dst_last_pkt_time":1499347679469718,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347679469718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_src_last_pkt_time":1499347679469718,"flow_dst_last_pkt_time":1499347679469718,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347679469718,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80KNAAD4G9SysEAABwKgKMul8AFCXJE+kAAAAAKACchDuKwAAAgQFtAQCCAoBO58HAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5962,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":2,"flow_src_last_pkt_time":1499347679469718,"flow_dst_last_pkt_time":1499347679469836,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347679469836,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6XyRTq6MlyRPpaAScSA6zgAAAgQFtAQCCAoD5XB8ATufBwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5963,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":3,"flow_src_last_pkt_time":1499347679470613,"flow_dst_last_pkt_time":1499347679469836,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347679470613,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00KRAAD4G9TOsEAABwKgKMul8AFCXJE+lkU6ujYAQAOXZ1AAAAQEICgE7nwgD5XB8"}
-01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347675703973,"flow_src_last_pkt_time":1499347679471019,"flow_dst_last_pkt_time":1499347675704095,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347679471019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347675703973,"flow_src_last_pkt_time":1499347679471019,"flow_dst_last_pkt_time":1499347675704095,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347679471019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347680746296,"flow_src_last_pkt_time":1499347680746296,"flow_dst_last_pkt_time":1499347680746296,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347680746296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_src_last_pkt_time":1499347680746296,"flow_dst_last_pkt_time":1499347680746296,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347680746296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qSxAAD4GHKSsEAABwKgKMumKAFCMLAlrAAAAAKACchA+DwAAAgQFtAQCCAoBO6BHAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":2,"flow_src_last_pkt_time":1499347680746296,"flow_dst_last_pkt_time":1499347680746421,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347680746421,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6YpeBd3IjCwJbKAScSCNfgAAAgQFtAQCCAoD5XG8ATugRwEDAwc="}
@@ -2400,7 +2400,7 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_src_last_pkt_time":1499347684563427,"flow_dst_last_pkt_time":1499347684563427,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347684563427,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82yNAAD4G6qysEAABwKgKMumyAFDf7X8iAAAAAKACchBwtAAAAgQFtAQCCAoBO6QBAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":2,"flow_src_last_pkt_time":1499347684563427,"flow_dst_last_pkt_time":1499347684563554,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347684563554,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6bLDIQ3O3+1\/I6AScSAnSAAAAgQFtAQCCAoD5XV2ATukAQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6003,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":3,"flow_src_last_pkt_time":1499347684564308,"flow_dst_last_pkt_time":1499347684563554,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347684564308,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02yRAAD4G6rOsEAABwKgKMumyAFDf7X8jwyENz4AQAOXGTwAAAQEICgE7pAED5XV2"}
-02389{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6010,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347675703973,"flow_src_last_pkt_time":1499347685575239,"flow_dst_last_pkt_time":1499347684567341,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16418,"midstream":0,"thread_ts_usec":1499347685575239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":122,"avg":604343.1,"max":3767000,"stddev":933372.4,"var":871184138240.0,"ent":3.7,"data": [122,677,3766369,3767000,3476,4237,1039907,1045427,5545,227268,230918,3646,1037098,1040865,3812,252859,256647,3763,1024020,1027777,3716,237350,240983,3608,1007832,1011497,3720,234952,238656,3696,1007191]},"pktlen": {"min":52,"avg":716.8,"max":1921,"stddev":755.7,"var":571022.9,"ent":4.2,"data": [60,60,52,637,52,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1921,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.571673870,5.106241703,4.892748833,6.023725510,4.854287148,7.786217690,4.945419312,5.883897781,7.741504192,4.983880997,6.049694538,7.769575596,4.830034256,5.875819206,7.739855289,4.945419312,5.995629787,7.765204906,4.831954956,5.869315147,7.744027615,4.945419312,6.017279625,7.784244537,4.753110886,5.875353813,7.744633198,4.945419312,6.029817104,7.765758514,4.945419312,5.879001617]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02543{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6010,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347675703973,"flow_src_last_pkt_time":1499347685575239,"flow_dst_last_pkt_time":1499347684567341,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16418,"midstream":0,"thread_ts_usec":1499347685575239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":122,"avg":604343.1,"max":3767000,"stddev":933372.4,"var":871184138240.0,"ent":3.7,"data": [122,677,3766369,3767000,3476,4237,1039907,1045427,5545,227268,230918,3646,1037098,1040865,3812,252859,256647,3763,1024020,1027777,3716,237350,240983,3608,1007832,1011497,3720,234952,238656,3696,1007191]},"pktlen": {"min":52,"avg":716.8,"max":1921,"stddev":755.7,"var":571022.9,"ent":4.2,"data": [60,60,52,637,52,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1921,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.571673870,5.106241703,4.892748833,6.023725510,4.854287148,7.786217690,4.945419312,5.883897781,7.741504192,4.983880997,6.049694538,7.769575596,4.830034256,5.875819206,7.739855289,4.945419312,5.995629787,7.765204906,4.831954956,5.869315147,7.744027615,4.945419312,6.017279625,7.784244537,4.753110886,5.875353813,7.744633198,4.945419312,6.029817104,7.765758514,4.945419312,5.879001617]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347687089585,"flow_src_last_pkt_time":1499347687089585,"flow_dst_last_pkt_time":1499347687089585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347687089585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_src_last_pkt_time":1499347687089585,"flow_dst_last_pkt_time":1499347687089585,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347687089585,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UahAAD4GdCisEAABwKgKMunMAFBn2\/fQAAAAAKACchBthwAAAgQFtAQCCAoBO6Z4AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6023,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":2,"flow_src_last_pkt_time":1499347687089585,"flow_dst_last_pkt_time":1499347687089686,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347687089686,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6cx2j8kIZ9v30aAScSCy+wAAAgQFtAQCCAoD5XftATumeAEDAwc="}
@@ -2409,17 +2409,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_src_last_pkt_time":1499347688364903,"flow_dst_last_pkt_time":1499347688364903,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347688364903,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8C45AAD4GukKsEAABwKgKMunaAFB\/Haw5AAAAAKACchCgjwAAAgQFtAQCCAoBO6e3AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":2,"flow_src_last_pkt_time":1499347688364903,"flow_dst_last_pkt_time":1499347688365035,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347688365035,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6dpm6d+Cfx2sOqAScSDd8AAAAgQFtAQCCAoD5XksATuntwEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":3,"flow_src_last_pkt_time":1499347688365851,"flow_dst_last_pkt_time":1499347688365035,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347688365851,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C49AAD4GukmsEAABwKgKMunaAFB\/Haw6Zunfg4AQAOV8+AAAAQEICgE7p7cD5Xks"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347555255750,"flow_src_last_pkt_time":1499347560767094,"flow_dst_last_pkt_time":1499347560766531,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347555255750,"flow_src_last_pkt_time":1499347560767094,"flow_dst_last_pkt_time":1499347560766531,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347555255750,"flow_src_last_pkt_time":1499347560767094,"flow_dst_last_pkt_time":1499347560766531,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347556523558,"flow_src_last_pkt_time":1499347561767835,"flow_dst_last_pkt_time":1499347561767081,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347556523558,"flow_src_last_pkt_time":1499347561767835,"flow_dst_last_pkt_time":1499347561767081,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347556523558,"flow_src_last_pkt_time":1499347561767835,"flow_dst_last_pkt_time":1499347561767081,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347557789292,"flow_src_last_pkt_time":1499347563767715,"flow_dst_last_pkt_time":1499347563767177,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347557789292,"flow_src_last_pkt_time":1499347563767715,"flow_dst_last_pkt_time":1499347563767177,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347557789292,"flow_src_last_pkt_time":1499347563767715,"flow_dst_last_pkt_time":1499347563767177,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347559043260,"flow_src_last_pkt_time":1499347564768317,"flow_dst_last_pkt_time":1499347564767727,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347559043260,"flow_src_last_pkt_time":1499347564768317,"flow_dst_last_pkt_time":1499347564767727,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347559043260,"flow_src_last_pkt_time":1499347564768317,"flow_dst_last_pkt_time":1499347564767727,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347560327931,"flow_src_last_pkt_time":1499347565768477,"flow_dst_last_pkt_time":1499347565767932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347560327931,"flow_src_last_pkt_time":1499347565768477,"flow_dst_last_pkt_time":1499347565767932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347560327931,"flow_src_last_pkt_time":1499347565768477,"flow_dst_last_pkt_time":1499347565767932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347561622231,"flow_src_last_pkt_time":1499347566770032,"flow_dst_last_pkt_time":1499347566769501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347561622231,"flow_src_last_pkt_time":1499347566770032,"flow_dst_last_pkt_time":1499347566769501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347561622231,"flow_src_last_pkt_time":1499347566770032,"flow_dst_last_pkt_time":1499347566769501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347688806519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347689613266,"flow_src_last_pkt_time":1499347689613266,"flow_dst_last_pkt_time":1499347689613266,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347689613266,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_src_last_pkt_time":1499347689613266,"flow_dst_last_pkt_time":1499347689613266,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347689613266,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80NlAAD4G9PasEAABwKgKMunoAFDCAng2AAAAAKACchCQZwAAAgQFtAQCCAoBO6jvAAAAAAEDAwc="}
@@ -2445,17 +2445,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_src_last_pkt_time":1499347698449087,"flow_dst_last_pkt_time":1499347698449087,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347698449087,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iq9AAD4GOyGsEAABwKgKMupGAFDXwDs\/AAAAAKACchCuoQAAAgQFtAQCCAoBO7GQAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":2,"flow_src_last_pkt_time":1499347698449087,"flow_dst_last_pkt_time":1499347698449189,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347698449189,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6kYJky3T18A7QKAScSDxLwAAAgQFtAQCCAoD5YMFATuxkAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":3,"flow_src_last_pkt_time":1499347698449969,"flow_dst_last_pkt_time":1499347698449189,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347698449969,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0irBAAD4GOyisEAABwKgKMupGAFDXwDtACZMt1IAQAOWQNgAAAQEICgE7sZED5YMF"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347564211903,"flow_src_last_pkt_time":1499347569770441,"flow_dst_last_pkt_time":1499347569769872,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347564211903,"flow_src_last_pkt_time":1499347569770441,"flow_dst_last_pkt_time":1499347569769872,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347564211903,"flow_src_last_pkt_time":1499347569770441,"flow_dst_last_pkt_time":1499347569769872,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347565457964,"flow_src_last_pkt_time":1499347570771533,"flow_dst_last_pkt_time":1499347570770802,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347565457964,"flow_src_last_pkt_time":1499347570771533,"flow_dst_last_pkt_time":1499347570770802,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347565457964,"flow_src_last_pkt_time":1499347570771533,"flow_dst_last_pkt_time":1499347570770802,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347566719570,"flow_src_last_pkt_time":1499347571771447,"flow_dst_last_pkt_time":1499347571770902,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347566719570,"flow_src_last_pkt_time":1499347571771447,"flow_dst_last_pkt_time":1499347571770902,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347566719570,"flow_src_last_pkt_time":1499347571771447,"flow_dst_last_pkt_time":1499347571770902,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347569321023,"flow_src_last_pkt_time":1499347574772050,"flow_dst_last_pkt_time":1499347574771460,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347569321023,"flow_src_last_pkt_time":1499347574772050,"flow_dst_last_pkt_time":1499347574771460,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347569321023,"flow_src_last_pkt_time":1499347574772050,"flow_dst_last_pkt_time":1499347574771460,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347570571578,"flow_src_last_pkt_time":1499347575772692,"flow_dst_last_pkt_time":1499347575771929,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347570571578,"flow_src_last_pkt_time":1499347575772692,"flow_dst_last_pkt_time":1499347575771929,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347570571578,"flow_src_last_pkt_time":1499347575772692,"flow_dst_last_pkt_time":1499347575771929,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347573065713,"flow_src_last_pkt_time":1499347578774083,"flow_dst_last_pkt_time":1499347578773242,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347573065713,"flow_src_last_pkt_time":1499347578774083,"flow_dst_last_pkt_time":1499347578773242,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347573065713,"flow_src_last_pkt_time":1499347578774083,"flow_dst_last_pkt_time":1499347578773242,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347698807461,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347699724216,"flow_src_last_pkt_time":1499347699724216,"flow_dst_last_pkt_time":1499347699724216,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347699724216,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_src_last_pkt_time":1499347699724216,"flow_dst_last_pkt_time":1499347699724216,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347699724216,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U2NAAD4Gcm2sEAABwKgKMupUAFDv6uGsAAAAAKACchDuvAAAAgQFtAQCCAoBO7LPAAAAAAEDAwc="}
@@ -2481,17 +2481,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_src_last_pkt_time":1499347709252943,"flow_dst_last_pkt_time":1499347709252943,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347709252943,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u61AAD4GCiOsEAABwKgKMuq0AFAeNwewAAAAAKACchCQvwAAAgQFtAQCCAoBO7wdAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6203,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":2,"flow_src_last_pkt_time":1499347709252943,"flow_dst_last_pkt_time":1499347709253070,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347709253070,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6rSwITsWHjcHsaAScSAU7wAAAgQFtAQCCAoD5Y2SATu8HQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":3,"flow_src_last_pkt_time":1499347709253824,"flow_dst_last_pkt_time":1499347709253070,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347709253824,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u65AAD4GCiqsEAABwKgKMuq0AFAeNwexsCE7F4AQAOWz9QAAAQEICgE7vB4D5Y2S"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347574366801,"flow_src_last_pkt_time":1499347579775041,"flow_dst_last_pkt_time":1499347579774157,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347574366801,"flow_src_last_pkt_time":1499347579775041,"flow_dst_last_pkt_time":1499347579774157,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347574366801,"flow_src_last_pkt_time":1499347579775041,"flow_dst_last_pkt_time":1499347579774157,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347575652327,"flow_src_last_pkt_time":1499347580775929,"flow_dst_last_pkt_time":1499347580774189,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347575652327,"flow_src_last_pkt_time":1499347580775929,"flow_dst_last_pkt_time":1499347580774189,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347575652327,"flow_src_last_pkt_time":1499347580775929,"flow_dst_last_pkt_time":1499347580774189,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347578164099,"flow_src_last_pkt_time":1499347583775842,"flow_dst_last_pkt_time":1499347583774143,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347578164099,"flow_src_last_pkt_time":1499347583775842,"flow_dst_last_pkt_time":1499347583774143,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347578164099,"flow_src_last_pkt_time":1499347583775842,"flow_dst_last_pkt_time":1499347583774143,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347579405941,"flow_src_last_pkt_time":1499347584775812,"flow_dst_last_pkt_time":1499347584774977,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347579405941,"flow_src_last_pkt_time":1499347584775812,"flow_dst_last_pkt_time":1499347584774977,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347579405941,"flow_src_last_pkt_time":1499347584775812,"flow_dst_last_pkt_time":1499347584774977,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347580693907,"flow_src_last_pkt_time":1499347585776772,"flow_dst_last_pkt_time":1499347585775086,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347580693907,"flow_src_last_pkt_time":1499347585776772,"flow_dst_last_pkt_time":1499347585775086,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347580693907,"flow_src_last_pkt_time":1499347585776772,"flow_dst_last_pkt_time":1499347585775086,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347583209798,"flow_src_last_pkt_time":1499347588776643,"flow_dst_last_pkt_time":1499347588774971,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347583209798,"flow_src_last_pkt_time":1499347588776643,"flow_dst_last_pkt_time":1499347588774971,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347583209798,"flow_src_last_pkt_time":1499347588776643,"flow_dst_last_pkt_time":1499347588774971,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347709257669,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347712277123,"flow_src_last_pkt_time":1499347712277123,"flow_dst_last_pkt_time":1499347712277123,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347712277123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_src_last_pkt_time":1499347712277123,"flow_dst_last_pkt_time":1499347712277123,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347712277123,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nw9AAD4GJsGsEAABwKgKMurmAFCpjSAeAAAAAKACchDp1AAAAgQFtAQCCAoBO78RAAAAAAEDAwc="}
@@ -2517,19 +2517,19 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_src_last_pkt_time":1499347720094904,"flow_dst_last_pkt_time":1499347720094904,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347720094904,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qt5AAD4GGvKsEAABwKgKMus8AFAqiGxqAAAAAKACchAUlQAAAgQFtAQCCAoBO8a0AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":2,"flow_src_last_pkt_time":1499347720094904,"flow_dst_last_pkt_time":1499347720095052,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347720095052,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6zwJv9VKKohsa6AScSCaWwAAAgQFtAQCCAoD5ZgpATvGtAEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":3,"flow_src_last_pkt_time":1499347720095794,"flow_dst_last_pkt_time":1499347720095052,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347720095794,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qt9AAD4GGvmsEAABwKgKMus8AFAqiGxrCb\/VS4AQAOU5YwAAAQEICgE7xrQD5Zgp"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347584472745,"flow_src_last_pkt_time":1499347589778584,"flow_dst_last_pkt_time":1499347589775885,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347584472745,"flow_src_last_pkt_time":1499347589778584,"flow_dst_last_pkt_time":1499347589775885,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347584472745,"flow_src_last_pkt_time":1499347589778584,"flow_dst_last_pkt_time":1499347589775885,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347585744968,"flow_src_last_pkt_time":1499347590777155,"flow_dst_last_pkt_time":1499347590776336,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347585744968,"flow_src_last_pkt_time":1499347590777155,"flow_dst_last_pkt_time":1499347590776336,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347585744968,"flow_src_last_pkt_time":1499347590777155,"flow_dst_last_pkt_time":1499347590776336,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347588270699,"flow_src_last_pkt_time":1499347593778543,"flow_dst_last_pkt_time":1499347593776764,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347588270699,"flow_src_last_pkt_time":1499347593778543,"flow_dst_last_pkt_time":1499347593776764,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347588270699,"flow_src_last_pkt_time":1499347593778543,"flow_dst_last_pkt_time":1499347593776764,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347589555860,"flow_src_last_pkt_time":1499347594779528,"flow_dst_last_pkt_time":1499347594777693,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347589555860,"flow_src_last_pkt_time":1499347594779528,"flow_dst_last_pkt_time":1499347594777693,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347589555860,"flow_src_last_pkt_time":1499347594779528,"flow_dst_last_pkt_time":1499347594777693,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347592060586,"flow_src_last_pkt_time":1499347597780448,"flow_dst_last_pkt_time":1499347597778673,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347592060586,"flow_src_last_pkt_time":1499347597780448,"flow_dst_last_pkt_time":1499347597778673,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347592060586,"flow_src_last_pkt_time":1499347597780448,"flow_dst_last_pkt_time":1499347597778673,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347593330555,"flow_src_last_pkt_time":1499347598782430,"flow_dst_last_pkt_time":1499347598780803,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347593330555,"flow_src_last_pkt_time":1499347598782430,"flow_dst_last_pkt_time":1499347598780803,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347593330555,"flow_src_last_pkt_time":1499347598782430,"flow_dst_last_pkt_time":1499347598780803,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347594595504,"flow_src_last_pkt_time":1499347599780363,"flow_dst_last_pkt_time":1499347599778803,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347594595504,"flow_src_last_pkt_time":1499347599780363,"flow_dst_last_pkt_time":1499347599778803,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347594595504,"flow_src_last_pkt_time":1499347599780363,"flow_dst_last_pkt_time":1499347599778803,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347720100012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347721376008,"flow_src_last_pkt_time":1499347721376008,"flow_dst_last_pkt_time":1499347721376008,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347721376008,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_src_last_pkt_time":1499347721376008,"flow_dst_last_pkt_time":1499347721376008,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347721376008,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UaNAAD4GdC2sEAABwKgKMutKAFCqmpZXAAAAAKACchBpRwAAAgQFtAQCCAoBO8f0AAAAAAEDAwc="}
@@ -2555,17 +2555,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_src_last_pkt_time":1499347730501574,"flow_dst_last_pkt_time":1499347730501574,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347730501574,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83upAAD4G5uWsEAABwKgKMuuoAFBoeQ40AAAAAKACchAqRAAAAgQFtAQCCAoBO9DeAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6364,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":2,"flow_src_last_pkt_time":1499347730501574,"flow_dst_last_pkt_time":1499347730501671,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347730501671,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ66jFwizsaHkONaAScSCSPAAAAgQFtAQCCAoD5aJSATvQ3gEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":3,"flow_src_last_pkt_time":1499347730502460,"flow_dst_last_pkt_time":1499347730501671,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347730502460,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03utAAD4G5uysEAABwKgKMuuoAFBoeQ41xcIs7YAQAOUxRAAAAQEICgE70N4D5aJS"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347602223242,"flow_src_last_pkt_time":1499347607783132,"flow_dst_last_pkt_time":1499347607782329,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347602223242,"flow_src_last_pkt_time":1499347607783132,"flow_dst_last_pkt_time":1499347607782329,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347602223242,"flow_src_last_pkt_time":1499347607783132,"flow_dst_last_pkt_time":1499347607782329,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347603507258,"flow_src_last_pkt_time":1499347608786078,"flow_dst_last_pkt_time":1499347608783331,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347603507258,"flow_src_last_pkt_time":1499347608786078,"flow_dst_last_pkt_time":1499347608783331,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347603507258,"flow_src_last_pkt_time":1499347608786078,"flow_dst_last_pkt_time":1499347608783331,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347604752176,"flow_src_last_pkt_time":1499347609784116,"flow_dst_last_pkt_time":1499347609783271,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347604752176,"flow_src_last_pkt_time":1499347609784116,"flow_dst_last_pkt_time":1499347609783271,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347604752176,"flow_src_last_pkt_time":1499347609784116,"flow_dst_last_pkt_time":1499347609783271,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347597121690,"flow_src_last_pkt_time":1499347602781318,"flow_dst_last_pkt_time":1499347602779522,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347597121690,"flow_src_last_pkt_time":1499347602781318,"flow_dst_last_pkt_time":1499347602779522,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347597121690,"flow_src_last_pkt_time":1499347602781318,"flow_dst_last_pkt_time":1499347602779522,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347598383395,"flow_src_last_pkt_time":1499347603782244,"flow_dst_last_pkt_time":1499347603780495,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347598383395,"flow_src_last_pkt_time":1499347603782244,"flow_dst_last_pkt_time":1499347603780495,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347598383395,"flow_src_last_pkt_time":1499347603782244,"flow_dst_last_pkt_time":1499347603780495,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347599663313,"flow_src_last_pkt_time":1499347604783249,"flow_dst_last_pkt_time":1499347604781350,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347599663313,"flow_src_last_pkt_time":1499347604783249,"flow_dst_last_pkt_time":1499347604781350,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347599663313,"flow_src_last_pkt_time":1499347604783249,"flow_dst_last_pkt_time":1499347604781350,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347731797840,"flow_src_last_pkt_time":1499347731797840,"flow_dst_last_pkt_time":1499347731797840,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347731797840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_src_last_pkt_time":1499347731797840,"flow_dst_last_pkt_time":1499347731797840,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347731797840,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84K9AAD4G5SCsEAABwKgKMuu2AFCGTjKNAAAAAKACchDmwwAAAgQFtAQCCAoBO9IiAAAAAAEDAwc="}
@@ -2595,17 +2595,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_src_last_pkt_time":1499347740751827,"flow_dst_last_pkt_time":1499347740751827,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347740751827,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8V35AAD4GblKsEAABwKgKMuwWAFBKCo2eAAAAAKACchC+2AAAAgQFtAQCCAoBO9rgAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6455,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":2,"flow_src_last_pkt_time":1499347740751827,"flow_dst_last_pkt_time":1499347740751958,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347740751958,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Bb1vAeUSgqNn6AScSASLAAAAgQFtAQCCAoD5axVATva4AEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6456,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":3,"flow_src_last_pkt_time":1499347740752516,"flow_dst_last_pkt_time":1499347740751958,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347740752516,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V39AAD4GblmsEAABwKgKMuwWAFBKCo2f9bwHlYAQAOWxMwAAAQEICgE72uAD5axV"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347606078239,"flow_src_last_pkt_time":1499347611787086,"flow_dst_last_pkt_time":1499347611785240,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347606078239,"flow_src_last_pkt_time":1499347611787086,"flow_dst_last_pkt_time":1499347611785240,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347606078239,"flow_src_last_pkt_time":1499347611787086,"flow_dst_last_pkt_time":1499347611785240,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347607344496,"flow_src_last_pkt_time":1499347612785000,"flow_dst_last_pkt_time":1499347612784293,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347607344496,"flow_src_last_pkt_time":1499347612785000,"flow_dst_last_pkt_time":1499347612784293,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347607344496,"flow_src_last_pkt_time":1499347612785000,"flow_dst_last_pkt_time":1499347612784293,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347608596103,"flow_src_last_pkt_time":1499347613787038,"flow_dst_last_pkt_time":1499347613785216,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347608596103,"flow_src_last_pkt_time":1499347613787038,"flow_dst_last_pkt_time":1499347613785216,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347608596103,"flow_src_last_pkt_time":1499347613787038,"flow_dst_last_pkt_time":1499347613785216,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347612465993,"flow_src_last_pkt_time":1499347617785866,"flow_dst_last_pkt_time":1499347617785117,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347612465993,"flow_src_last_pkt_time":1499347617785866,"flow_dst_last_pkt_time":1499347617785117,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347612465993,"flow_src_last_pkt_time":1499347617785866,"flow_dst_last_pkt_time":1499347617785117,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347613718984,"flow_src_last_pkt_time":1499347618787857,"flow_dst_last_pkt_time":1499347618786046,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347613718984,"flow_src_last_pkt_time":1499347618787857,"flow_dst_last_pkt_time":1499347618786046,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347613718984,"flow_src_last_pkt_time":1499347618787857,"flow_dst_last_pkt_time":1499347618786046,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-01137{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_src_packets_processed":210,"flow_dst_packets_processed":105,"flow_first_seen":1499347547687536,"flow_src_last_pkt_time":1499347614978921,"flow_dst_last_pkt_time":1499347614979004,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183697,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01291{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_src_packets_processed":210,"flow_dst_packets_processed":105,"flow_first_seen":1499347547687536,"flow_src_last_pkt_time":1499347614978921,"flow_dst_last_pkt_time":1499347614979004,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183697,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347743331813,"flow_src_last_pkt_time":1499347743331813,"flow_dst_last_pkt_time":1499347743331813,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347743331813,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_src_last_pkt_time":1499347743331813,"flow_dst_last_pkt_time":1499347743331813,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347743331813,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iytAAD4GOqWsEAABwKgKMuwwAFCeqlZOAAAAAKACchCe6QAAAgQFtAQCCAoBO91lAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":2,"flow_src_last_pkt_time":1499347743331813,"flow_dst_last_pkt_time":1499347743331943,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347743331943,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7DCbKjZEnqpWT6AScSAbmgAAAgQFtAQCCAoD5a7aATvdZQEDAwc="}
@@ -2614,7 +2614,7 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_src_last_pkt_time":1499347744595039,"flow_dst_last_pkt_time":1499347744595039,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347744595039,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGtAAD4GPWWsEAABwKgKMuw+AFAw9lbKAAAAAKACchAK2AAAAgQFtAQCCAoBO96hAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6485,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":2,"flow_src_last_pkt_time":1499347744595039,"flow_dst_last_pkt_time":1499347744595166,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347744595166,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7D5E+wDpMPZWy6AScSAR1wAAAgQFtAQCCAoD5bAWATveoQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6486,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":3,"flow_src_last_pkt_time":1499347744595930,"flow_dst_last_pkt_time":1499347744595166,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347744595930,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGxAAD4GPWysEAABwKgKMuw+AFAw9lbLRPsA6oAQAOWw3gAAAQEICgE73qED5bAW"}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6505,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347743331813,"flow_src_last_pkt_time":1499347746913923,"flow_dst_last_pkt_time":1499347743331943,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347746913923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6505,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347743331813,"flow_src_last_pkt_time":1499347746913923,"flow_dst_last_pkt_time":1499347743331943,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347746913923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347747187648,"flow_src_last_pkt_time":1499347747187648,"flow_dst_last_pkt_time":1499347747187648,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347747187648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_src_last_pkt_time":1499347747187648,"flow_dst_last_pkt_time":1499347747187648,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347747187648,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eZ5AAD4GTDKsEAABwKgKMuxYAFDkpJi3AAAAAKACchASmgAAAgQFtAQCCAoBO+EpAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":2,"flow_src_last_pkt_time":1499347747187648,"flow_dst_last_pkt_time":1499347747187775,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347747187775,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7FgZ9EBx5KSYuKAScSACkAAAAgQFtAQCCAoD5bKeATvhKQEDAwc="}
@@ -2627,25 +2627,25 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6527,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_src_last_pkt_time":1499347749751996,"flow_dst_last_pkt_time":1499347749751996,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347749751996,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IJFAAD4GpT+sEAABwKgKMux0AFD35MM7AAAAAKACchDSOAAAAgQFtAQCCAoBO+OqAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6528,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":2,"flow_src_last_pkt_time":1499347749751996,"flow_dst_last_pkt_time":1499347749752119,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347749752119,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7HSHR7QM9+TDPKAScSDevgAAAgQFtAQCCAoD5bUfATvjqgEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6529,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":3,"flow_src_last_pkt_time":1499347749752875,"flow_dst_last_pkt_time":1499347749752119,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347749752875,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IJJAAD4GpUasEAABwKgKMux0AFD35MM8h0e0DYAQAOV9xgAAAQEICgE746oD5bUf"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347616210936,"flow_src_last_pkt_time":1499347621787739,"flow_dst_last_pkt_time":1499347621786937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347616210936,"flow_src_last_pkt_time":1499347621787739,"flow_dst_last_pkt_time":1499347621786937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347616210936,"flow_src_last_pkt_time":1499347621787739,"flow_dst_last_pkt_time":1499347621786937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347617491735,"flow_src_last_pkt_time":1499347622787780,"flow_dst_last_pkt_time":1499347622786913,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347617491735,"flow_src_last_pkt_time":1499347622787780,"flow_dst_last_pkt_time":1499347622786913,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347617491735,"flow_src_last_pkt_time":1499347622787780,"flow_dst_last_pkt_time":1499347622786913,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347618757865,"flow_src_last_pkt_time":1499347623788694,"flow_dst_last_pkt_time":1499347623787075,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347618757865,"flow_src_last_pkt_time":1499347623788694,"flow_dst_last_pkt_time":1499347623787075,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347618757865,"flow_src_last_pkt_time":1499347623788694,"flow_dst_last_pkt_time":1499347623787075,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347621256083,"flow_src_last_pkt_time":1499347626789581,"flow_dst_last_pkt_time":1499347626787955,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347621256083,"flow_src_last_pkt_time":1499347626789581,"flow_dst_last_pkt_time":1499347626787955,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347621256083,"flow_src_last_pkt_time":1499347626789581,"flow_dst_last_pkt_time":1499347626787955,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347622524750,"flow_src_last_pkt_time":1499347627790090,"flow_dst_last_pkt_time":1499347627788816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347622524750,"flow_src_last_pkt_time":1499347627790090,"flow_dst_last_pkt_time":1499347627788816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347622524750,"flow_src_last_pkt_time":1499347627790090,"flow_dst_last_pkt_time":1499347627788816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347623786814,"flow_src_last_pkt_time":1499347628791512,"flow_dst_last_pkt_time":1499347628789755,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347623786814,"flow_src_last_pkt_time":1499347628791512,"flow_dst_last_pkt_time":1499347628789755,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347623786814,"flow_src_last_pkt_time":1499347628791512,"flow_dst_last_pkt_time":1499347628789755,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347625094633,"flow_src_last_pkt_time":1499347630791498,"flow_dst_last_pkt_time":1499347630790638,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347625094633,"flow_src_last_pkt_time":1499347630791498,"flow_dst_last_pkt_time":1499347630790638,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347625094633,"flow_src_last_pkt_time":1499347630791498,"flow_dst_last_pkt_time":1499347630790638,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347751041963,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347752308453,"flow_src_last_pkt_time":1499347752308453,"flow_dst_last_pkt_time":1499347752308453,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347752308453,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_src_last_pkt_time":1499347752308453,"flow_dst_last_pkt_time":1499347752308453,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347752308453,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qStAAD4GHKWsEAABwKgKMuyOAFBMoE8CAAAAAKACchDvHQAAAgQFtAQCCAoBO+YpAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":2,"flow_src_last_pkt_time":1499347752308453,"flow_dst_last_pkt_time":1499347752308578,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347752308578,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7I5f6lZGTKBPA6AScSB+SAAAAgQFtAQCCAoD5beeATvmKQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6547,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":3,"flow_src_last_pkt_time":1499347752309233,"flow_dst_last_pkt_time":1499347752308578,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347752309233,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qSxAAD4GHKysEAABwKgKMuyOAFBMoE8DX+pWR4AQAOUdTwAAAQEICgE75ioD5bee"}
-02292{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6548,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347743331813,"flow_src_last_pkt_time":1499347752309607,"flow_dst_last_pkt_time":1499347752053014,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16319,"midstream":0,"thread_ts_usec":1499347752309607,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":130,"avg":570935.4,"max":3582115,"stddev":886830.3,"var":786468044800.0,"ent":3.7,"data": [130,887,3581223,3582115,3304,4122,271038,275625,4605,1007486,1011252,3777,268863,273004,4125,1007482,1011640,4170,263574,267468,3888,1019754,1023735,4007,253226,261155,7923,1002871,1011773,8903,255870]},"pktlen": {"min":52,"avg":713.7,"max":1920,"stddev":750.9,"var":563862.6,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1917,52,435,1822,52,637,1920,52,435,1822,52,637]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.605007172,5.139575005,4.892748833,5.855112076,4.854287148,7.740097046,4.861793995,5.995685577,7.768898010,4.945419312,5.890089989,7.741286755,4.945419312,6.012487888,7.771459579,4.983880997,5.883958817,7.743787289,4.945419312,5.988662720,7.773043156,4.983880997,5.862193108,7.740000248,4.906957626,5.998622894,7.761761665,4.983880997,5.841221809,7.740222454,4.906957626,6.034659863]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02446{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6548,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347743331813,"flow_src_last_pkt_time":1499347752309607,"flow_dst_last_pkt_time":1499347752053014,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16319,"midstream":0,"thread_ts_usec":1499347752309607,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":130,"avg":570935.4,"max":3582115,"stddev":886830.3,"var":786468044800.0,"ent":3.7,"data": [130,887,3581223,3582115,3304,4122,271038,275625,4605,1007486,1011252,3777,268863,273004,4125,1007482,1011640,4170,263574,267468,3888,1019754,1023735,4007,253226,261155,7923,1002871,1011773,8903,255870]},"pktlen": {"min":52,"avg":713.7,"max":1920,"stddev":750.9,"var":563862.6,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1917,52,435,1822,52,637,1920,52,435,1822,52,637]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.605007172,5.139575005,4.892748833,5.855112076,4.854287148,7.740097046,4.861793995,5.995685577,7.768898010,4.945419312,5.890089989,7.741286755,4.945419312,6.012487888,7.771459579,4.983880997,5.883958817,7.743787289,4.945419312,5.988662720,7.773043156,4.983880997,5.862193108,7.740000248,4.906957626,5.998622894,7.761761665,4.983880997,5.841221809,7.740222454,4.906957626,6.034659863]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347753649698,"flow_src_last_pkt_time":1499347753649698,"flow_dst_last_pkt_time":1499347753649698,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347753649698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_src_last_pkt_time":1499347753649698,"flow_dst_last_pkt_time":1499347753649698,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347753649698,"pkt":"ABm5CmnxAMGxFOsxCABFAAA825ZAAD4G6jmsEAABwKgKMuycAFCJVjzvAAAAAKACchDDHAAAAgQFtAQCCAoBO+d5AAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6558,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":2,"flow_src_last_pkt_time":1499347753649698,"flow_dst_last_pkt_time":1499347753649826,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347753649826,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Jyb\/4pAiVY88KAScSDg6AAAAgQFtAQCCAoD5bjtATvneQEDAwc="}
@@ -2666,19 +2666,19 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6617,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_src_last_pkt_time":1499347761418781,"flow_dst_last_pkt_time":1499347761418781,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347761418781,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8apdAAD4GWzmsEAABwKgKMuzsAFC\/aIWYAAAAAKACchA8ewAAAgQFtAQCCAoBO+8PAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":2,"flow_src_last_pkt_time":1499347761418781,"flow_dst_last_pkt_time":1499347761418909,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347761418909,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7OwFUgVYv2iFmaAScSBuRgAAAgQFtAQCCAoD5cCEATvvDwEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6619,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":3,"flow_src_last_pkt_time":1499347761419670,"flow_dst_last_pkt_time":1499347761418909,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347761419670,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aphAAD4GW0CsEAABwKgKMuzsAFC\/aIWZBVIFWYAQAOUNTgAAAQEICgE77w8D5cCE"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347626349553,"flow_src_last_pkt_time":1499347631791524,"flow_dst_last_pkt_time":1499347631790670,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347626349553,"flow_src_last_pkt_time":1499347631791524,"flow_dst_last_pkt_time":1499347631790670,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347626349553,"flow_src_last_pkt_time":1499347631791524,"flow_dst_last_pkt_time":1499347631790670,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347627616552,"flow_src_last_pkt_time":1499347632792470,"flow_dst_last_pkt_time":1499347632790693,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347627616552,"flow_src_last_pkt_time":1499347632792470,"flow_dst_last_pkt_time":1499347632790693,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347627616552,"flow_src_last_pkt_time":1499347632792470,"flow_dst_last_pkt_time":1499347632790693,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347630130498,"flow_src_last_pkt_time":1499347635793357,"flow_dst_last_pkt_time":1499347635791589,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347630130498,"flow_src_last_pkt_time":1499347635793357,"flow_dst_last_pkt_time":1499347635791589,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347630130498,"flow_src_last_pkt_time":1499347635793357,"flow_dst_last_pkt_time":1499347635791589,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347631388487,"flow_src_last_pkt_time":1499347636793344,"flow_dst_last_pkt_time":1499347636791537,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347631388487,"flow_src_last_pkt_time":1499347636793344,"flow_dst_last_pkt_time":1499347636791537,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347631388487,"flow_src_last_pkt_time":1499347636793344,"flow_dst_last_pkt_time":1499347636791537,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347632635400,"flow_src_last_pkt_time":1499347637795320,"flow_dst_last_pkt_time":1499347637792529,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347632635400,"flow_src_last_pkt_time":1499347637795320,"flow_dst_last_pkt_time":1499347637792529,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347632635400,"flow_src_last_pkt_time":1499347637795320,"flow_dst_last_pkt_time":1499347637792529,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347635154437,"flow_src_last_pkt_time":1499347640794239,"flow_dst_last_pkt_time":1499347640792433,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347635154437,"flow_src_last_pkt_time":1499347640794239,"flow_dst_last_pkt_time":1499347640792433,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347635154437,"flow_src_last_pkt_time":1499347640794239,"flow_dst_last_pkt_time":1499347640792433,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347636429330,"flow_src_last_pkt_time":1499347641793151,"flow_dst_last_pkt_time":1499347641791607,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347636429330,"flow_src_last_pkt_time":1499347641793151,"flow_dst_last_pkt_time":1499347641791607,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347636429330,"flow_src_last_pkt_time":1499347641793151,"flow_dst_last_pkt_time":1499347641791607,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347761829395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347762675533,"flow_src_last_pkt_time":1499347762675533,"flow_dst_last_pkt_time":1499347762675533,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347762675533,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_src_last_pkt_time":1499347762675533,"flow_dst_last_pkt_time":1499347762675533,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347762675533,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U3VAAD4GclusEAABwKgKMuz6AFDBm6M8AAAAAKACchAbXAAAAgQFtAQCCAoBO\/BJAAAAAAEDAwc="}
@@ -2708,17 +2708,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_src_last_pkt_time":1499347771635838,"flow_dst_last_pkt_time":1499347771635838,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347771635838,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jzNAAD4GNp2sEAABwKgKMu1aAFBxsHY6AAAAAKACchCPKQAAAgQFtAQCCAoBO\/kJAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6706,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":2,"flow_src_last_pkt_time":1499347771635838,"flow_dst_last_pkt_time":1499347771635963,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347771635963,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7VoJ3i\/mcbB2O6AScSCH4AAAAgQFtAQCCAoD5cp+ATv5CQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":3,"flow_src_last_pkt_time":1499347771636742,"flow_dst_last_pkt_time":1499347771635963,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347771636742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jzRAAD4GNqSsEAABwKgKMu1aAFBxsHY7Cd4v54AQAOUm6AAAAQEICgE7+QkD5cp+"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347637687348,"flow_src_last_pkt_time":1499347642795114,"flow_dst_last_pkt_time":1499347642792357,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347637687348,"flow_src_last_pkt_time":1499347642795114,"flow_dst_last_pkt_time":1499347642792357,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347637687348,"flow_src_last_pkt_time":1499347642795114,"flow_dst_last_pkt_time":1499347642792357,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347640199189,"flow_src_last_pkt_time":1499347645794086,"flow_dst_last_pkt_time":1499347645793230,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347640199189,"flow_src_last_pkt_time":1499347645794086,"flow_dst_last_pkt_time":1499347645793230,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347640199189,"flow_src_last_pkt_time":1499347645794086,"flow_dst_last_pkt_time":1499347645793230,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347641440192,"flow_src_last_pkt_time":1499347646795069,"flow_dst_last_pkt_time":1499347646793244,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347641440192,"flow_src_last_pkt_time":1499347646795069,"flow_dst_last_pkt_time":1499347646793244,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347641440192,"flow_src_last_pkt_time":1499347646795069,"flow_dst_last_pkt_time":1499347646793244,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347642716181,"flow_src_last_pkt_time":1499347647795042,"flow_dst_last_pkt_time":1499347647793254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347642716181,"flow_src_last_pkt_time":1499347647795042,"flow_dst_last_pkt_time":1499347647793254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347642716181,"flow_src_last_pkt_time":1499347647795042,"flow_dst_last_pkt_time":1499347647793254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347645232370,"flow_src_last_pkt_time":1499347650797981,"flow_dst_last_pkt_time":1499347650795171,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347645232370,"flow_src_last_pkt_time":1499347650797981,"flow_dst_last_pkt_time":1499347650795171,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347645232370,"flow_src_last_pkt_time":1499347650797981,"flow_dst_last_pkt_time":1499347650795171,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347646486073,"flow_src_last_pkt_time":1499347651805864,"flow_dst_last_pkt_time":1499347651799145,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347646486073,"flow_src_last_pkt_time":1499347651805864,"flow_dst_last_pkt_time":1499347651799145,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347646486073,"flow_src_last_pkt_time":1499347651805864,"flow_dst_last_pkt_time":1499347651799145,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347771832407,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347774205265,"flow_src_last_pkt_time":1499347774205265,"flow_dst_last_pkt_time":1499347774205265,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347774205265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_src_last_pkt_time":1499347774205265,"flow_dst_last_pkt_time":1499347774205265,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347774205265,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pr5AAD4GHxKsEAABwKgKMu10AFBYS10yAAAAAKACchC++QAAAgQFtAQCCAoBO\/uMAAAAAAEDAwc="}
@@ -2740,17 +2740,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_src_last_pkt_time":1499347780605080,"flow_dst_last_pkt_time":1499347780605080,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347780605080,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Kg9AAD4Gm8GsEAABwKgKMu24AFBtBSvDAAAAAKACchDVKgAAAgQFtAQCCAoBPAHMAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6781,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":2,"flow_src_last_pkt_time":1499347780605080,"flow_dst_last_pkt_time":1499347780605181,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347780605181,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7bgVufFFbQUrxKAScSD35AAAAgQFtAQCCAoD5dNAATwBzAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":3,"flow_src_last_pkt_time":1499347780605963,"flow_dst_last_pkt_time":1499347780605181,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347780605963,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KhBAAD4Gm8isEAABwKgKMu24AFBtBSvEFbnxRoAQAOWW7AAAAQEICgE8AcwD5dNA"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347647733010,"flow_src_last_pkt_time":1499347652800831,"flow_dst_last_pkt_time":1499347652797100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347647733010,"flow_src_last_pkt_time":1499347652800831,"flow_dst_last_pkt_time":1499347652797100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347647733010,"flow_src_last_pkt_time":1499347652800831,"flow_dst_last_pkt_time":1499347652797100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347650289951,"flow_src_last_pkt_time":1499347655800781,"flow_dst_last_pkt_time":1499347655798002,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347650289951,"flow_src_last_pkt_time":1499347655800781,"flow_dst_last_pkt_time":1499347655798002,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347650289951,"flow_src_last_pkt_time":1499347655800781,"flow_dst_last_pkt_time":1499347655798002,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347651555924,"flow_src_last_pkt_time":1499347656799804,"flow_dst_last_pkt_time":1499347656797937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347651555924,"flow_src_last_pkt_time":1499347656799804,"flow_dst_last_pkt_time":1499347656797937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347651555924,"flow_src_last_pkt_time":1499347656799804,"flow_dst_last_pkt_time":1499347656797937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347654065841,"flow_src_last_pkt_time":1499347659803723,"flow_dst_last_pkt_time":1499347659799914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347654065841,"flow_src_last_pkt_time":1499347659803723,"flow_dst_last_pkt_time":1499347659799914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347654065841,"flow_src_last_pkt_time":1499347659803723,"flow_dst_last_pkt_time":1499347659799914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347655367825,"flow_src_last_pkt_time":1499347660809604,"flow_dst_last_pkt_time":1499347660802841,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347655367825,"flow_src_last_pkt_time":1499347660809604,"flow_dst_last_pkt_time":1499347660802841,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347655367825,"flow_src_last_pkt_time":1499347660809604,"flow_dst_last_pkt_time":1499347660802841,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347656622725,"flow_src_last_pkt_time":1499347661802583,"flow_dst_last_pkt_time":1499347661798834,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347656622725,"flow_src_last_pkt_time":1499347661802583,"flow_dst_last_pkt_time":1499347661798834,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347656622725,"flow_src_last_pkt_time":1499347661802583,"flow_dst_last_pkt_time":1499347661798834,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347781915314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347783176569,"flow_src_last_pkt_time":1499347783176569,"flow_dst_last_pkt_time":1499347783176569,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347783176569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_src_last_pkt_time":1499347783176569,"flow_dst_last_pkt_time":1499347783176569,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347783176569,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8URhAAD4GdLisEAABwKgKMu3SAFAelFVWAAAAAKACchD3bAAAAgQFtAQCCAoBPAROAAAAAAEDAwc="}
@@ -2776,15 +2776,15 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6871,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_src_last_pkt_time":1499347792291066,"flow_dst_last_pkt_time":1499347792291066,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347792291066,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GCRAAD4GraysEAABwKgKMu4wAFDmKhURAAAAAKACchBm1gAAAgQFtAQCCAoBPA01AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":2,"flow_src_last_pkt_time":1499347792291066,"flow_dst_last_pkt_time":1499347792291132,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347792291132,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7jDnRnKf5ioVEqAScSArPwAAAgQFtAQCCAoD5d6qATwNNQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":3,"flow_src_last_pkt_time":1499347792291908,"flow_dst_last_pkt_time":1499347792291132,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347792291908,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GCVAAD4GrbOsEAABwKgKMu4wAFDmKhUS50ZyoIAQAOXKRgAAAQEICgE8DTUD5d6q"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347659123688,"flow_src_last_pkt_time":1499347664799139,"flow_dst_last_pkt_time":1499347664798393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347659123688,"flow_src_last_pkt_time":1499347664799139,"flow_dst_last_pkt_time":1499347664798393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347659123688,"flow_src_last_pkt_time":1499347664799139,"flow_dst_last_pkt_time":1499347664798393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347660441643,"flow_src_last_pkt_time":1499347665799368,"flow_dst_last_pkt_time":1499347665798630,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347660441643,"flow_src_last_pkt_time":1499347665799368,"flow_dst_last_pkt_time":1499347665798630,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347660441643,"flow_src_last_pkt_time":1499347665799368,"flow_dst_last_pkt_time":1499347665798630,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347661705590,"flow_src_last_pkt_time":1499347666802035,"flow_dst_last_pkt_time":1499347666801521,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347661705590,"flow_src_last_pkt_time":1499347666802035,"flow_dst_last_pkt_time":1499347666801521,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347661705590,"flow_src_last_pkt_time":1499347666802035,"flow_dst_last_pkt_time":1499347666801521,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347664226936,"flow_src_last_pkt_time":1499347669803399,"flow_dst_last_pkt_time":1499347669802666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347664226936,"flow_src_last_pkt_time":1499347669803399,"flow_dst_last_pkt_time":1499347669802666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347664226936,"flow_src_last_pkt_time":1499347669803399,"flow_dst_last_pkt_time":1499347669802666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347665473433,"flow_src_last_pkt_time":1499347670803436,"flow_dst_last_pkt_time":1499347670802888,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347665473433,"flow_src_last_pkt_time":1499347670803436,"flow_dst_last_pkt_time":1499347670802888,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347665473433,"flow_src_last_pkt_time":1499347670803436,"flow_dst_last_pkt_time":1499347670802888,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347792837525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347793575417,"flow_src_last_pkt_time":1499347793575417,"flow_dst_last_pkt_time":1499347793575417,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347793575417,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_src_last_pkt_time":1499347793575417,"flow_dst_last_pkt_time":1499347793575417,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347793575417,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86x9AAD4G2rCsEAABwKgKMu4+AFCp1uVpAAAAAKACchDRggAAAgQFtAQCCAoBPA52AAAAAAEDAwc="}
@@ -2810,16 +2810,16 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_src_last_pkt_time":1499347802549433,"flow_dst_last_pkt_time":1499347802549433,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347802549433,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jF5AAD4GOXKsEAABwKgKMoBUAFDx5ZtkAAAAAKACchA4nwAAAgQFtAQCCAoBPBc6AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":2,"flow_src_last_pkt_time":1499347802549433,"flow_dst_last_pkt_time":1499347802549556,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347802549556,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgFQ6vzwG8eWbZaAScSDWJAAAAgQFtAQCCAoD5eiuATwXOgEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":3,"flow_src_last_pkt_time":1499347802550162,"flow_dst_last_pkt_time":1499347802549556,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347802550162,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jF9AAD4GOXmsEAABwKgKMoBUAFDx5ZtlOr88B4AQAOV1LAAAAQEICgE8FzoD5eiu"}
-01041{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_src_packets_processed":214,"flow_dst_packets_processed":107,"flow_first_seen":1499347611162032,"flow_src_last_pkt_time":1499347679227206,"flow_dst_last_pkt_time":1499347679227269,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183584,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347668069390,"flow_src_last_pkt_time":1499347673803925,"flow_dst_last_pkt_time":1499347673803372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01195{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_src_packets_processed":214,"flow_dst_packets_processed":107,"flow_first_seen":1499347611162032,"flow_src_last_pkt_time":1499347679227206,"flow_dst_last_pkt_time":1499347679227269,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183584,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347668069390,"flow_src_last_pkt_time":1499347673803925,"flow_dst_last_pkt_time":1499347673803372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347668069390,"flow_src_last_pkt_time":1499347673803925,"flow_dst_last_pkt_time":1499347673803372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347669336569,"flow_src_last_pkt_time":1499347674804525,"flow_dst_last_pkt_time":1499347674804004,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347669336569,"flow_src_last_pkt_time":1499347674804525,"flow_dst_last_pkt_time":1499347674804004,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347669336569,"flow_src_last_pkt_time":1499347674804525,"flow_dst_last_pkt_time":1499347674804004,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347670582234,"flow_src_last_pkt_time":1499347675804558,"flow_dst_last_pkt_time":1499347675803982,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347670582234,"flow_src_last_pkt_time":1499347675804558,"flow_dst_last_pkt_time":1499347675803982,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347670582234,"flow_src_last_pkt_time":1499347675804558,"flow_dst_last_pkt_time":1499347675803982,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347673136683,"flow_src_last_pkt_time":1499347678804824,"flow_dst_last_pkt_time":1499347678804064,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347673136683,"flow_src_last_pkt_time":1499347678804824,"flow_dst_last_pkt_time":1499347678804064,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347673136683,"flow_src_last_pkt_time":1499347678804824,"flow_dst_last_pkt_time":1499347678804064,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347674433683,"flow_src_last_pkt_time":1499347679471657,"flow_dst_last_pkt_time":1499347679471187,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347674433683,"flow_src_last_pkt_time":1499347679471657,"flow_dst_last_pkt_time":1499347679471187,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347674433683,"flow_src_last_pkt_time":1499347679471657,"flow_dst_last_pkt_time":1499347679471187,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347802840074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347805119465,"flow_src_last_pkt_time":1499347805119465,"flow_dst_last_pkt_time":1499347805119465,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347805119465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_src_last_pkt_time":1499347805119465,"flow_dst_last_pkt_time":1499347805119465,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347805119465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZmVAAD4GX2usEAABwKgKMoBuAFBq0H\/ZAAAAAKACchDYowAAAgQFtAQCCAoBPBm8AAAAAAEDAwc="}
@@ -2841,20 +2841,20 @@
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7030,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_src_last_pkt_time":1499347811525785,"flow_dst_last_pkt_time":1499347811525785,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347811525785,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/z1AAD4GxpKsEAABwKgKMoCyAFD5M+DDAAAAAKACchDizwAAAgQFtAQCCAoBPB\/+AAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":2,"flow_src_last_pkt_time":1499347811525785,"flow_dst_last_pkt_time":1499347811525877,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347811525877,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgLJEEu3h+TPgxKAScSC8YgAAAgQFtAQCCAoD5fFyATwf\/gEDAwc="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":3,"flow_src_last_pkt_time":1499347811526679,"flow_dst_last_pkt_time":1499347811525877,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347811526679,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/z5AAD4GxpmsEAABwKgKMoCyAFD5M+DERBLt4oAQAOVbagAAAQEICgE8H\/4D5fFy"}
-01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347807664615,"flow_src_last_pkt_time":1499347811526686,"flow_dst_last_pkt_time":1499347807664773,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347811526686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347807664615,"flow_src_last_pkt_time":1499347811526686,"flow_dst_last_pkt_time":1499347807664773,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347811526686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347812797349,"flow_src_last_pkt_time":1499347812797349,"flow_dst_last_pkt_time":1499347812797349,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812797349,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_src_last_pkt_time":1499347812797349,"flow_dst_last_pkt_time":1499347812797349,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347812797349,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YtxAAD4GYvSsEAABwKgKMoDAAFAQTEPgAAAAAKACchBnTwAAAgQFtAQCCAoBPCE8AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":2,"flow_src_last_pkt_time":1499347812797349,"flow_dst_last_pkt_time":1499347812797445,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347812797445,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgMBbJW45EExD4aAScSCoOQAAAgQFtAQCCAoD5fKwATwhPAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":3,"flow_src_last_pkt_time":1499347812798223,"flow_dst_last_pkt_time":1499347812797445,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347812798223,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Yt1AAD4GYvusEAABwKgKMoDAAFAQTEPhWyVuOoAQAOVHQQAAAQEICgE8ITwD5fKw"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347678198689,"flow_src_last_pkt_time":1499347683805476,"flow_dst_last_pkt_time":1499347683804756,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347678198689,"flow_src_last_pkt_time":1499347683805476,"flow_dst_last_pkt_time":1499347683804756,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347678198689,"flow_src_last_pkt_time":1499347683805476,"flow_dst_last_pkt_time":1499347683804756,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347679469718,"flow_src_last_pkt_time":1499347684805641,"flow_dst_last_pkt_time":1499347684804857,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347679469718,"flow_src_last_pkt_time":1499347684805641,"flow_dst_last_pkt_time":1499347684804857,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347679469718,"flow_src_last_pkt_time":1499347684805641,"flow_dst_last_pkt_time":1499347684804857,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347680746296,"flow_src_last_pkt_time":1499347685805699,"flow_dst_last_pkt_time":1499347685804995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347680746296,"flow_src_last_pkt_time":1499347685805699,"flow_dst_last_pkt_time":1499347685804995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347680746296,"flow_src_last_pkt_time":1499347685805699,"flow_dst_last_pkt_time":1499347685804995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347683313458,"flow_src_last_pkt_time":1499347688806519,"flow_dst_last_pkt_time":1499347688805762,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347683313458,"flow_src_last_pkt_time":1499347688806519,"flow_dst_last_pkt_time":1499347688805762,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347683313458,"flow_src_last_pkt_time":1499347688806519,"flow_dst_last_pkt_time":1499347688805762,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347684563427,"flow_src_last_pkt_time":1499347689806584,"flow_dst_last_pkt_time":1499347689805841,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347684563427,"flow_src_last_pkt_time":1499347689806584,"flow_dst_last_pkt_time":1499347689805841,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347684563427,"flow_src_last_pkt_time":1499347689806584,"flow_dst_last_pkt_time":1499347689805841,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347812802121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347814066618,"flow_src_last_pkt_time":1499347814066618,"flow_dst_last_pkt_time":1499347814066618,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347814066618,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_src_last_pkt_time":1499347814066618,"flow_dst_last_pkt_time":1499347814066618,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347814066618,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NuNAAD4Gju2sEAABwKgKMoDOAFApMBSaAAAAAKACchB8ZgAAAgQFtAQCCAoBPCJ5AAAAAAEDAwc="}
@@ -2868,7 +2868,7 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_src_last_pkt_time":1499347816657942,"flow_dst_last_pkt_time":1499347816657942,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347816657942,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lQ1AAD4GMMOsEAABwKgKMoDqAFAyzLAMAAAAAKACchDUswAAAgQFtAQCCAoBPCUBAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":2,"flow_src_last_pkt_time":1499347816657942,"flow_dst_last_pkt_time":1499347816658067,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347816658067,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgOp6zxHVMsywDaAScSBOkwAAAgQFtAQCCAoD5fZ1ATwlAQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":3,"flow_src_last_pkt_time":1499347816658755,"flow_dst_last_pkt_time":1499347816658067,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347816658755,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lQ5AAD4GMMqsEAABwKgKMoDqAFAyzLANes8R1oAQAOXtmgAAAQEICgE8JQED5fZ1"}
-02389{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":7082,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347807664615,"flow_src_last_pkt_time":1499347817702402,"flow_dst_last_pkt_time":1499347816662711,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16417,"midstream":0,"thread_ts_usec":1499347817702402,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":158,"avg":614060.8,"max":3861987,"stddev":952957.6,"var":908128223232.0,"ent":3.7,"data": [158,871,3861200,3861987,3248,3959,1007386,1010966,3670,256861,260494,3559,1018334,1021980,3614,243418,246972,3620,1033482,1037187,3726,244230,248333,4100,1037495,1041661,4162,261455,265110,3630,1039015]},"pktlen": {"min":52,"avg":716.8,"max":1921,"stddev":755.6,"var":570948.0,"ent":4.2,"data": [60,60,52,637,52,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1916,52,435,1822,52,637,1921,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.525758743,5.072907925,4.892748356,6.020434380,4.892748833,7.791048527,4.945419312,5.893647194,7.740782261,4.830034733,6.007053375,7.809398174,4.945419312,5.892089844,7.742994785,4.777055264,6.018450260,7.794157982,4.906957626,5.894688606,7.744627476,4.906957626,6.065685749,7.761301517,4.868495941,5.905168533,7.745905876,4.868495941,6.015729427,7.773281574,4.853978634,5.898605347]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02543{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":7082,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347807664615,"flow_src_last_pkt_time":1499347817702402,"flow_dst_last_pkt_time":1499347816662711,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16417,"midstream":0,"thread_ts_usec":1499347817702402,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":158,"avg":614060.8,"max":3861987,"stddev":952957.6,"var":908128223232.0,"ent":3.7,"data": [158,871,3861200,3861987,3248,3959,1007386,1010966,3670,256861,260494,3559,1018334,1021980,3614,243418,246972,3620,1033482,1037187,3726,244230,248333,4100,1037495,1041661,4162,261455,265110,3630,1039015]},"pktlen": {"min":52,"avg":716.8,"max":1921,"stddev":755.6,"var":570948.0,"ent":4.2,"data": [60,60,52,637,52,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1916,52,435,1822,52,637,1921,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.525758743,5.072907925,4.892748356,6.020434380,4.892748833,7.791048527,4.945419312,5.893647194,7.740782261,4.830034733,6.007053375,7.809398174,4.945419312,5.892089844,7.742994785,4.777055264,6.018450260,7.794157982,4.906957626,5.894688606,7.744627476,4.906957626,6.065685749,7.761301517,4.868495941,5.905168533,7.745905876,4.868495941,6.015729427,7.773281574,4.853978634,5.898605347]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7094,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347819250899,"flow_src_last_pkt_time":1499347819250899,"flow_dst_last_pkt_time":1499347819250899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347819250899,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7094,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_src_last_pkt_time":1499347819250899,"flow_dst_last_pkt_time":1499347819250899,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347819250899,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LORAAD4GmOysEAABwKgKMoEEAFDtQwttAAAAAKACchC8OQAAAgQFtAQCCAoBPCeJAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":2,"flow_src_last_pkt_time":1499347819250899,"flow_dst_last_pkt_time":1499347819251024,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347819251024,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgQQkyBmr7UMLbqAScSCBwQAAAgQFtAQCCAoD5fj+ATwniQEDAwc="}
@@ -2881,19 +2881,19 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_src_last_pkt_time":1499347823117412,"flow_dst_last_pkt_time":1499347823117412,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347823117412,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/vRAAD4GxtusEAABwKgKMoEsAFBFq9WkAAAAAKACchCVqwAAAgQFtAQCCAoBPCtQAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":2,"flow_src_last_pkt_time":1499347823117412,"flow_dst_last_pkt_time":1499347823117538,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347823117538,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgSyhFRrnRavVpaAScSDZ4wAAAgQFtAQCCAoD5fzEATwrUAEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":3,"flow_src_last_pkt_time":1499347823118291,"flow_dst_last_pkt_time":1499347823117538,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347823118291,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/vVAAD4GxuKsEAABwKgKMoEsAFBFq9WloRUa6IAQAOV46wAAAQEICgE8K1AD5fzE"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347687089585,"flow_src_last_pkt_time":1499347692807517,"flow_dst_last_pkt_time":1499347692806749,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347687089585,"flow_src_last_pkt_time":1499347692807517,"flow_dst_last_pkt_time":1499347692806749,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347687089585,"flow_src_last_pkt_time":1499347692807517,"flow_dst_last_pkt_time":1499347692806749,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347688364903,"flow_src_last_pkt_time":1499347693807450,"flow_dst_last_pkt_time":1499347693806679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347688364903,"flow_src_last_pkt_time":1499347693807450,"flow_dst_last_pkt_time":1499347693806679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347688364903,"flow_src_last_pkt_time":1499347693807450,"flow_dst_last_pkt_time":1499347693806679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347689613266,"flow_src_last_pkt_time":1499347694807341,"flow_dst_last_pkt_time":1499347694806612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347689613266,"flow_src_last_pkt_time":1499347694807341,"flow_dst_last_pkt_time":1499347694806612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347689613266,"flow_src_last_pkt_time":1499347694807341,"flow_dst_last_pkt_time":1499347694806612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347692128037,"flow_src_last_pkt_time":1499347697807467,"flow_dst_last_pkt_time":1499347697806736,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347692128037,"flow_src_last_pkt_time":1499347697807467,"flow_dst_last_pkt_time":1499347697806736,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347692128037,"flow_src_last_pkt_time":1499347697807467,"flow_dst_last_pkt_time":1499347697806736,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347693386714,"flow_src_last_pkt_time":1499347698807461,"flow_dst_last_pkt_time":1499347698806916,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347693386714,"flow_src_last_pkt_time":1499347698807461,"flow_dst_last_pkt_time":1499347698806916,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347693386714,"flow_src_last_pkt_time":1499347698807461,"flow_dst_last_pkt_time":1499347698806916,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347694661136,"flow_src_last_pkt_time":1499347699807788,"flow_dst_last_pkt_time":1499347699807055,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347694661136,"flow_src_last_pkt_time":1499347699807788,"flow_dst_last_pkt_time":1499347699807055,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347694661136,"flow_src_last_pkt_time":1499347699807788,"flow_dst_last_pkt_time":1499347699807055,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347697189817,"flow_src_last_pkt_time":1499347702808986,"flow_dst_last_pkt_time":1499347702808218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347697189817,"flow_src_last_pkt_time":1499347702808986,"flow_dst_last_pkt_time":1499347702808218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347697189817,"flow_src_last_pkt_time":1499347702808986,"flow_dst_last_pkt_time":1499347702808218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347823121904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347824426335,"flow_src_last_pkt_time":1499347824426335,"flow_dst_last_pkt_time":1499347824426335,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347824426335,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_src_last_pkt_time":1499347824426335,"flow_dst_last_pkt_time":1499347824426335,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347824426335,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80mVAAD4G82qsEAABwKgKMoE6AFCPwv7yAAAAAKACchAg8QAAAgQFtAQCCAoBPCyXAAAAAAEDAwc="}
@@ -2919,17 +2919,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_src_last_pkt_time":1499347833462049,"flow_dst_last_pkt_time":1499347833462049,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347833462049,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8H+JAAD4Gpe6sEAABwKgKMoGYAFAzOSqIAAAAAKACchBItAAAAgQFtAQCCAoBPDVqAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":2,"flow_src_last_pkt_time":1499347833462049,"flow_dst_last_pkt_time":1499347833462176,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347833462176,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgZimBogRMzkqiaAScSAQtwAAAgQFtAQCCAoD5gbeATw1agEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":3,"flow_src_last_pkt_time":1499347833462937,"flow_dst_last_pkt_time":1499347833462176,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347833462937,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H+NAAD4GpfWsEAABwKgKMoGYAFAzOSqJpgaIEoAQAOWvvgAAAQEICgE8NWoD5gbe"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347698449087,"flow_src_last_pkt_time":1499347703808915,"flow_dst_last_pkt_time":1499347703808159,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347698449087,"flow_src_last_pkt_time":1499347703808915,"flow_dst_last_pkt_time":1499347703808159,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347698449087,"flow_src_last_pkt_time":1499347703808915,"flow_dst_last_pkt_time":1499347703808159,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347699724216,"flow_src_last_pkt_time":1499347704808943,"flow_dst_last_pkt_time":1499347704808390,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347699724216,"flow_src_last_pkt_time":1499347704808943,"flow_dst_last_pkt_time":1499347704808390,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347699724216,"flow_src_last_pkt_time":1499347704808943,"flow_dst_last_pkt_time":1499347704808390,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347702287352,"flow_src_last_pkt_time":1499347707810676,"flow_dst_last_pkt_time":1499347707809899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347702287352,"flow_src_last_pkt_time":1499347707810676,"flow_dst_last_pkt_time":1499347707809899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347702287352,"flow_src_last_pkt_time":1499347707810676,"flow_dst_last_pkt_time":1499347707809899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347703726679,"flow_src_last_pkt_time":1499347708810536,"flow_dst_last_pkt_time":1499347708809952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347703726679,"flow_src_last_pkt_time":1499347708810536,"flow_dst_last_pkt_time":1499347708809952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347703726679,"flow_src_last_pkt_time":1499347708810536,"flow_dst_last_pkt_time":1499347708809952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347705116020,"flow_src_last_pkt_time":1499347710811821,"flow_dst_last_pkt_time":1499347710811098,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347705116020,"flow_src_last_pkt_time":1499347710811821,"flow_dst_last_pkt_time":1499347710811098,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347705116020,"flow_src_last_pkt_time":1499347710811821,"flow_dst_last_pkt_time":1499347710811098,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347706399626,"flow_src_last_pkt_time":1499347711812303,"flow_dst_last_pkt_time":1499347711811559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347706399626,"flow_src_last_pkt_time":1499347711812303,"flow_dst_last_pkt_time":1499347711811559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347706399626,"flow_src_last_pkt_time":1499347711812303,"flow_dst_last_pkt_time":1499347711811559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347833848456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347836095456,"flow_src_last_pkt_time":1499347836095456,"flow_dst_last_pkt_time":1499347836095456,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347836095456,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_src_last_pkt_time":1499347836095456,"flow_dst_last_pkt_time":1499347836095456,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347836095456,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z2FAAD4GXm+sEAABwKgKMoGyAFBvhFCdAAAAAKACchDjpwAAAgQFtAQCCAoBPDf8AAAAAAEDAwc="}
@@ -2951,17 +2951,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_src_last_pkt_time":1499347842491750,"flow_dst_last_pkt_time":1499347842491750,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347842491750,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lUdAAD4GMImsEAABwKgKMoH2AFCtqqt8AAAAAKACchBEHwAAAgQFtAQCCAoBPD47AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":2,"flow_src_last_pkt_time":1499347842491750,"flow_dst_last_pkt_time":1499347842491871,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347842491871,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgfYhjECLraqrfaAScSDPUAAAAgQFtAQCCAoD5g+wATw+OwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7284,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":3,"flow_src_last_pkt_time":1499347842492638,"flow_dst_last_pkt_time":1499347842491871,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347842492638,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lUhAAD4GMJCsEAABwKgKMoH2AFCtqqt9IYxAjIAQAOVuVwAAAQEICgE8PjwD5g+w"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347709252943,"flow_src_last_pkt_time":1499347714812103,"flow_dst_last_pkt_time":1499347714811543,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347709252943,"flow_src_last_pkt_time":1499347714812103,"flow_dst_last_pkt_time":1499347714811543,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347709252943,"flow_src_last_pkt_time":1499347714812103,"flow_dst_last_pkt_time":1499347714811543,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347712277123,"flow_src_last_pkt_time":1499347717814101,"flow_dst_last_pkt_time":1499347717813503,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347712277123,"flow_src_last_pkt_time":1499347717814101,"flow_dst_last_pkt_time":1499347717813503,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347712277123,"flow_src_last_pkt_time":1499347717814101,"flow_dst_last_pkt_time":1499347717813503,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347712277163,"flow_src_last_pkt_time":1499347717814060,"flow_dst_last_pkt_time":1499347717813497,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347712277163,"flow_src_last_pkt_time":1499347717814060,"flow_dst_last_pkt_time":1499347717813497,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347712277163,"flow_src_last_pkt_time":1499347717814060,"flow_dst_last_pkt_time":1499347717813497,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347713588576,"flow_src_last_pkt_time":1499347718814992,"flow_dst_last_pkt_time":1499347718814209,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347713588576,"flow_src_last_pkt_time":1499347718814992,"flow_dst_last_pkt_time":1499347718814209,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347713588576,"flow_src_last_pkt_time":1499347718814992,"flow_dst_last_pkt_time":1499347718814209,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347716243461,"flow_src_last_pkt_time":1499347721814827,"flow_dst_last_pkt_time":1499347721814255,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347716243461,"flow_src_last_pkt_time":1499347721814827,"flow_dst_last_pkt_time":1499347721814255,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347716243461,"flow_src_last_pkt_time":1499347721814827,"flow_dst_last_pkt_time":1499347721814255,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347717533777,"flow_src_last_pkt_time":1499347722814566,"flow_dst_last_pkt_time":1499347722813926,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347717533777,"flow_src_last_pkt_time":1499347722814566,"flow_dst_last_pkt_time":1499347722813926,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347717533777,"flow_src_last_pkt_time":1499347722814566,"flow_dst_last_pkt_time":1499347722813926,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347843851569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347845077766,"flow_src_last_pkt_time":1499347845077766,"flow_dst_last_pkt_time":1499347845077766,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347845077766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_src_last_pkt_time":1499347845077766,"flow_dst_last_pkt_time":1499347845077766,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347845077766,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83IxAAD4G6UOsEAABwKgKMoIQAFCGLpxOAAAAAKACchB4KAAAAgQFtAQCCAoBPEDCAAAAAAEDAwc="}
@@ -2987,15 +2987,15 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_src_last_pkt_time":1499347852742641,"flow_dst_last_pkt_time":1499347852742641,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347852742641,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87IFAAD4G2U6sEAABwKgKMoJiAFDnuKS\/AAAAAKACchAGXwAAAgQFtAQCCAoBPEg+AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":2,"flow_src_last_pkt_time":1499347852742641,"flow_dst_last_pkt_time":1499347852742791,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347852742791,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgmLb7idG57ikwKAScSDmbwAAAgQFtAQCCAoD5hmzATxIPgEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":3,"flow_src_last_pkt_time":1499347852743464,"flow_dst_last_pkt_time":1499347852742791,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347852743464,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07IJAAD4G2VWsEAABwKgKMoJiAFDnuKTA2+4nR4AQAOWFdwAAAQEICgE8SD4D5hmz"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347720094904,"flow_src_last_pkt_time":1499347725815586,"flow_dst_last_pkt_time":1499347725815062,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347720094904,"flow_src_last_pkt_time":1499347725815586,"flow_dst_last_pkt_time":1499347725815062,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347720094904,"flow_src_last_pkt_time":1499347725815586,"flow_dst_last_pkt_time":1499347725815062,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347721376008,"flow_src_last_pkt_time":1499347726816443,"flow_dst_last_pkt_time":1499347726815893,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347721376008,"flow_src_last_pkt_time":1499347726816443,"flow_dst_last_pkt_time":1499347726815893,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347721376008,"flow_src_last_pkt_time":1499347726816443,"flow_dst_last_pkt_time":1499347726815893,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347724082614,"flow_src_last_pkt_time":1499347729818189,"flow_dst_last_pkt_time":1499347729817456,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347724082614,"flow_src_last_pkt_time":1499347729818189,"flow_dst_last_pkt_time":1499347729817456,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347724082614,"flow_src_last_pkt_time":1499347729818189,"flow_dst_last_pkt_time":1499347729817456,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347725355982,"flow_src_last_pkt_time":1499347730818343,"flow_dst_last_pkt_time":1499347730817612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347725355982,"flow_src_last_pkt_time":1499347730818343,"flow_dst_last_pkt_time":1499347730817612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347725355982,"flow_src_last_pkt_time":1499347730818343,"flow_dst_last_pkt_time":1499347730817612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347726623497,"flow_src_last_pkt_time":1499347731818403,"flow_dst_last_pkt_time":1499347731817811,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347726623497,"flow_src_last_pkt_time":1499347731818403,"flow_dst_last_pkt_time":1499347731817811,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347726623497,"flow_src_last_pkt_time":1499347731818403,"flow_dst_last_pkt_time":1499347731817811,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347854024667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347855324591,"flow_src_last_pkt_time":1499347855324591,"flow_dst_last_pkt_time":1499347855324591,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347855324591,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_src_last_pkt_time":1499347855324591,"flow_dst_last_pkt_time":1499347855324591,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347855324591,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82qpAAD4G6yWsEAABwKgKMoJ8AFBnHpBuAAAAAKACchCYqgAAAgQFtAQCCAoBPErEAAAAAAEDAwc="}
@@ -3025,21 +3025,21 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7458,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_src_last_pkt_time":1499347864367420,"flow_dst_last_pkt_time":1499347864367420,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347864367420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SwNAAD4Ges2sEAABwKgKMoLcAFBKORibAAAAAKACchAkLwAAAgQFtAQCCAoBPFOYAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7459,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":2,"flow_src_last_pkt_time":1499347864367420,"flow_dst_last_pkt_time":1499347864367548,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347864367548,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgtztJOKwSjkYnKAScSAsRQAAAgQFtAQCCAoD5iUNATxTmAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7461,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":3,"flow_src_last_pkt_time":1499347864368322,"flow_dst_last_pkt_time":1499347864367548,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347864368322,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SwRAAD4GetSsEAABwKgKMoLcAFBKORic7STisYAQAOXLSwAAAQEICgE8U5kD5iUN"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347729211579,"flow_src_last_pkt_time":1499347734819205,"flow_dst_last_pkt_time":1499347734818654,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347729211579,"flow_src_last_pkt_time":1499347734819205,"flow_dst_last_pkt_time":1499347734818654,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347729211579,"flow_src_last_pkt_time":1499347734819205,"flow_dst_last_pkt_time":1499347734818654,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347730501574,"flow_src_last_pkt_time":1499347735819813,"flow_dst_last_pkt_time":1499347735819047,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347730501574,"flow_src_last_pkt_time":1499347735819813,"flow_dst_last_pkt_time":1499347735819047,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347730501574,"flow_src_last_pkt_time":1499347735819813,"flow_dst_last_pkt_time":1499347735819047,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347731797840,"flow_src_last_pkt_time":1499347736820049,"flow_dst_last_pkt_time":1499347736819502,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347731797840,"flow_src_last_pkt_time":1499347736820049,"flow_dst_last_pkt_time":1499347736819502,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347731797840,"flow_src_last_pkt_time":1499347736820049,"flow_dst_last_pkt_time":1499347736819502,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347733083460,"flow_src_last_pkt_time":1499347738820356,"flow_dst_last_pkt_time":1499347738819834,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347733083460,"flow_src_last_pkt_time":1499347738820356,"flow_dst_last_pkt_time":1499347738819834,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347733083460,"flow_src_last_pkt_time":1499347738820356,"flow_dst_last_pkt_time":1499347738819834,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347734348737,"flow_src_last_pkt_time":1499347739820491,"flow_dst_last_pkt_time":1499347739819941,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347734348737,"flow_src_last_pkt_time":1499347739820491,"flow_dst_last_pkt_time":1499347739819941,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347734348737,"flow_src_last_pkt_time":1499347739820491,"flow_dst_last_pkt_time":1499347739819941,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347735664516,"flow_src_last_pkt_time":1499347740821372,"flow_dst_last_pkt_time":1499347740820603,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347735664516,"flow_src_last_pkt_time":1499347740821372,"flow_dst_last_pkt_time":1499347740820603,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347735664516,"flow_src_last_pkt_time":1499347740821372,"flow_dst_last_pkt_time":1499347740820603,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347738229231,"flow_src_last_pkt_time":1499347743822741,"flow_dst_last_pkt_time":1499347743822221,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347738229231,"flow_src_last_pkt_time":1499347743822741,"flow_dst_last_pkt_time":1499347743822221,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347738229231,"flow_src_last_pkt_time":1499347743822741,"flow_dst_last_pkt_time":1499347743822221,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347739497368,"flow_src_last_pkt_time":1499347744823433,"flow_dst_last_pkt_time":1499347744822854,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347739497368,"flow_src_last_pkt_time":1499347744823433,"flow_dst_last_pkt_time":1499347744822854,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347739497368,"flow_src_last_pkt_time":1499347744823433,"flow_dst_last_pkt_time":1499347744822854,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347864861731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347867086713,"flow_src_last_pkt_time":1499347867086713,"flow_dst_last_pkt_time":1499347867086713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347867086713,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_src_last_pkt_time":1499347867086713,"flow_dst_last_pkt_time":1499347867086713,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347867086713,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sxZAAD4GErqsEAABwKgKMoL2AFBvHeVWAAAAAKACchAvzQAAAgQFtAQCCAoBPFZAAAAAAAEDAwc="}
@@ -3065,18 +3065,18 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_src_last_pkt_time":1499347874737577,"flow_dst_last_pkt_time":1499347874737577,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347874737577,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88wxAAD4G0sOsEAABwKgKMoNIAFDgx661AAAAAKACchDs+AAAAgQFtAQCCAoBPF25AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":2,"flow_src_last_pkt_time":1499347874737577,"flow_dst_last_pkt_time":1499347874737738,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347874737738,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg0iSQssc4MeutqAScSBdZQAAAgQFtAQCCAoD5i8tATxduQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7547,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":3,"flow_src_last_pkt_time":1499347874738427,"flow_dst_last_pkt_time":1499347874737738,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347874738427,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08w1AAD4G0sqsEAABwKgKMoNIAFDgx662kkLLHYAQAOX8bAAAAQEICgE8XbkD5i8t"}
-01137{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":106,"flow_first_seen":1499347675703973,"flow_src_last_pkt_time":1499347745908378,"flow_dst_last_pkt_time":1499347745908439,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48695,"flow_dst_tot_l4_payload_len":183491,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347740751827,"flow_src_last_pkt_time":1499347745824578,"flow_dst_last_pkt_time":1499347745823816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01291{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":106,"flow_first_seen":1499347675703973,"flow_src_last_pkt_time":1499347745908378,"flow_dst_last_pkt_time":1499347745908439,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48695,"flow_dst_tot_l4_payload_len":183491,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347740751827,"flow_src_last_pkt_time":1499347745824578,"flow_dst_last_pkt_time":1499347745823816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347740751827,"flow_src_last_pkt_time":1499347745824578,"flow_dst_last_pkt_time":1499347745823816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347744595039,"flow_src_last_pkt_time":1499347749825551,"flow_dst_last_pkt_time":1499347749824845,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347744595039,"flow_src_last_pkt_time":1499347749825551,"flow_dst_last_pkt_time":1499347749824845,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347744595039,"flow_src_last_pkt_time":1499347749825551,"flow_dst_last_pkt_time":1499347749824845,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347747187648,"flow_src_last_pkt_time":1499347752826361,"flow_dst_last_pkt_time":1499347752825814,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347747187648,"flow_src_last_pkt_time":1499347752826361,"flow_dst_last_pkt_time":1499347752825814,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347747187648,"flow_src_last_pkt_time":1499347752826361,"flow_dst_last_pkt_time":1499347752825814,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347748472415,"flow_src_last_pkt_time":1499347753827058,"flow_dst_last_pkt_time":1499347753826488,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347748472415,"flow_src_last_pkt_time":1499347753827058,"flow_dst_last_pkt_time":1499347753826488,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347748472415,"flow_src_last_pkt_time":1499347753827058,"flow_dst_last_pkt_time":1499347753826488,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347749751996,"flow_src_last_pkt_time":1499347754827634,"flow_dst_last_pkt_time":1499347754827079,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347749751996,"flow_src_last_pkt_time":1499347754827634,"flow_dst_last_pkt_time":1499347754827079,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347749751996,"flow_src_last_pkt_time":1499347754827634,"flow_dst_last_pkt_time":1499347754827079,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347874866060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347872187685,"flow_src_last_pkt_time":1499347877028300,"flow_dst_last_pkt_time":1499347872187811,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347877028300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347872187685,"flow_src_last_pkt_time":1499347877028300,"flow_dst_last_pkt_time":1499347872187811,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347877028300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347877292759,"flow_src_last_pkt_time":1499347877292759,"flow_dst_last_pkt_time":1499347877292759,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347877292759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_src_last_pkt_time":1499347877292759,"flow_dst_last_pkt_time":1499347877292759,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347877292759,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t4hAAD4GDkisEAABwKgKMoNiAFCEB9ewAAAAAKACchAeJQAAAgQFtAQCCAoBPGA4AAAAAAEDAwc="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":2,"flow_src_last_pkt_time":1499347877292759,"flow_dst_last_pkt_time":1499347877292858,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347877292858,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg2I\/o2nZhAfXsaAScSA\/9QAAAgQFtAQCCAoD5jGsATxgOAEDAwc="}
@@ -3089,7 +3089,7 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7597,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_src_last_pkt_time":1499347881141710,"flow_dst_last_pkt_time":1499347881141710,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347881141710,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80HhAAD4G9VesEAABwKgKMoOKAFDzHbOCAAAAAKACchDPUgAAAgQFtAQCCAoBPGP6AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7598,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":2,"flow_src_last_pkt_time":1499347881141710,"flow_dst_last_pkt_time":1499347881141852,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347881141852,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg4pPHZMl8x2zg6AScSC0mgAAAgQFtAQCCAoD5jVuATxj+gEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":3,"flow_src_last_pkt_time":1499347881142632,"flow_dst_last_pkt_time":1499347881141852,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347881142632,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00HlAAD4G9V6sEAABwKgKMoOKAFDzHbODTx2TJoAQAOVTogAAAQEICgE8Y\/oD5jVu"}
-02294{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":7606,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347872187685,"flow_src_last_pkt_time":1499347882404199,"flow_dst_last_pkt_time":1499347882158637,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16321,"midstream":0,"thread_ts_usec":1499347882404199,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":126,"avg":651208.6,"max":4840595,"stddev":1171443.9,"var":1372280717312.0,"ent":3.5,"data": [126,862,4839753,4840595,3674,4464,263225,266840,3672,1005298,1009118,3796,260614,264369,3758,1024972,1028663,3708,266053,269708,3666,1007636,1011884,4257,260865,265134,4231,1006690,1010841,4181,244813]},"pktlen": {"min":52,"avg":713.8,"max":1921,"stddev":751.0,"var":564013.3,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1921,52,435,1822,52,637,1918,52,435,1822,52,637,1920,52,435,1822,52,637]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.559092522,5.072907925,4.931210518,5.917668343,4.892748833,7.738794327,4.863714695,6.007505894,7.798718929,5.022342682,5.905847549,7.739555359,4.906957626,6.033310413,7.766191959,4.983880997,5.910769463,7.742557526,4.945419312,6.030111790,7.769622803,4.906957626,5.902417183,7.741934776,4.945419312,6.047390461,7.800710201,4.908878326,5.889702797,7.740861416,5.022342682,6.020066261]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02448{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":7606,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347872187685,"flow_src_last_pkt_time":1499347882404199,"flow_dst_last_pkt_time":1499347882158637,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16321,"midstream":0,"thread_ts_usec":1499347882404199,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":126,"avg":651208.6,"max":4840595,"stddev":1171443.9,"var":1372280717312.0,"ent":3.5,"data": [126,862,4839753,4840595,3674,4464,263225,266840,3672,1005298,1009118,3796,260614,264369,3758,1024972,1028663,3708,266053,269708,3666,1007636,1011884,4257,260865,265134,4231,1006690,1010841,4181,244813]},"pktlen": {"min":52,"avg":713.8,"max":1921,"stddev":751.0,"var":564013.3,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1921,52,435,1822,52,637,1918,52,435,1822,52,637,1920,52,435,1822,52,637]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.559092522,5.072907925,4.931210518,5.917668343,4.892748833,7.738794327,4.863714695,6.007505894,7.798718929,5.022342682,5.905847549,7.739555359,4.906957626,6.033310413,7.766191959,4.983880997,5.910769463,7.742557526,4.945419312,6.030111790,7.769622803,4.906957626,5.902417183,7.741934776,4.945419312,6.047390461,7.800710201,4.908878326,5.889702797,7.740861416,5.022342682,6.020066261]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347882404247,"flow_src_last_pkt_time":1499347882404247,"flow_dst_last_pkt_time":1499347882404247,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347882404247,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_src_last_pkt_time":1499347882404247,"flow_dst_last_pkt_time":1499347882404247,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347882404247,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eWdAAD4GTGmsEAABwKgKMoOYAFA4phxRAAAAAKACchAfsgAAAgQFtAQCCAoBPGU2AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":2,"flow_src_last_pkt_time":1499347882404247,"flow_dst_last_pkt_time":1499347882404320,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347882404320,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg5hCgWTIOKYcUqAScSA+twAAAgQFtAQCCAoD5jaqATxlNgEDAwc="}
@@ -3098,15 +3098,15 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_src_last_pkt_time":1499347883693194,"flow_dst_last_pkt_time":1499347883693194,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347883693194,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WYNAAD4GbE2sEAABwKgKMoOmAFDBWz\/7AAAAAKACchByAgAAAgQFtAQCCAoBPGZ4AAAAAAEDAwc="}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7619,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":2,"flow_src_last_pkt_time":1499347883693194,"flow_dst_last_pkt_time":1499347883693320,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347883693320,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg6YJ\/gJMwVs\/\/KAScSAqxQAAAgQFtAQCCAoD5jfsATxmeAEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":3,"flow_src_last_pkt_time":1499347883694064,"flow_dst_last_pkt_time":1499347883693320,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347883694064,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WYRAAD4GbFSsEAABwKgKMoOmAFDBWz\/8Cf4CTYAQAOXJzAAAAQEICgE8ZngD5jfs"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347752308453,"flow_src_last_pkt_time":1499347757828213,"flow_dst_last_pkt_time":1499347757827429,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347752308453,"flow_src_last_pkt_time":1499347757828213,"flow_dst_last_pkt_time":1499347757827429,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347752308453,"flow_src_last_pkt_time":1499347757828213,"flow_dst_last_pkt_time":1499347757827429,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347753649698,"flow_src_last_pkt_time":1499347758828328,"flow_dst_last_pkt_time":1499347758827608,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347753649698,"flow_src_last_pkt_time":1499347758828328,"flow_dst_last_pkt_time":1499347758827608,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347753649698,"flow_src_last_pkt_time":1499347758828328,"flow_dst_last_pkt_time":1499347758827608,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347756244736,"flow_src_last_pkt_time":1499347761829395,"flow_dst_last_pkt_time":1499347761828509,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347756244736,"flow_src_last_pkt_time":1499347761829395,"flow_dst_last_pkt_time":1499347761828509,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347756244736,"flow_src_last_pkt_time":1499347761829395,"flow_dst_last_pkt_time":1499347761828509,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347757502001,"flow_src_last_pkt_time":1499347762829865,"flow_dst_last_pkt_time":1499347762829356,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347757502001,"flow_src_last_pkt_time":1499347762829865,"flow_dst_last_pkt_time":1499347762829356,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347757502001,"flow_src_last_pkt_time":1499347762829865,"flow_dst_last_pkt_time":1499347762829356,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347758774129,"flow_src_last_pkt_time":1499347763831043,"flow_dst_last_pkt_time":1499347763830373,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347758774129,"flow_src_last_pkt_time":1499347763831043,"flow_dst_last_pkt_time":1499347763830373,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347758774129,"flow_src_last_pkt_time":1499347763831043,"flow_dst_last_pkt_time":1499347763830373,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347885019468,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347886296186,"flow_src_last_pkt_time":1499347886296186,"flow_dst_last_pkt_time":1499347886296186,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347886296186,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_src_last_pkt_time":1499347886296186,"flow_dst_last_pkt_time":1499347886296186,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347886296186,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8J3NAAD4Gnl2sEAABwKgKMoPAAFDfgE5wAAAAAKACchBCwwAAAgQFtAQCCAoBPGkDAAAAAAEDAwc="}
@@ -3132,19 +3132,19 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_src_last_pkt_time":1499347895396921,"flow_dst_last_pkt_time":1499347895396921,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347895396921,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+PRAAD4GzNusEAABwKgKMoQeAFBBmIkSAAAAAKACchCcyAAAAgQFtAQCCAoBPHHmAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":2,"flow_src_last_pkt_time":1499347895396921,"flow_dst_last_pkt_time":1499347895397051,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347895397051,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhB6fI8DwQZiJE6AScSD2UgAAAgQFtAQCCAoD5kNaATxx5gEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7711,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":3,"flow_src_last_pkt_time":1499347895397620,"flow_dst_last_pkt_time":1499347895397051,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347895397620,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+PVAAD4GzOKsEAABwKgKMoQeAFBBmIkTnyPA8YAQAOWVWgAAAQEICgE8ceYD5kNa"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347761418781,"flow_src_last_pkt_time":1499347766830565,"flow_dst_last_pkt_time":1499347766829991,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347761418781,"flow_src_last_pkt_time":1499347766830565,"flow_dst_last_pkt_time":1499347766829991,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347761418781,"flow_src_last_pkt_time":1499347766830565,"flow_dst_last_pkt_time":1499347766829991,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347762675533,"flow_src_last_pkt_time":1499347767831361,"flow_dst_last_pkt_time":1499347767830659,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347762675533,"flow_src_last_pkt_time":1499347767831361,"flow_dst_last_pkt_time":1499347767830659,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347762675533,"flow_src_last_pkt_time":1499347767831361,"flow_dst_last_pkt_time":1499347767830659,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347765229991,"flow_src_last_pkt_time":1499347770831626,"flow_dst_last_pkt_time":1499347770831069,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347765229991,"flow_src_last_pkt_time":1499347770831626,"flow_dst_last_pkt_time":1499347770831069,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347765229991,"flow_src_last_pkt_time":1499347770831626,"flow_dst_last_pkt_time":1499347770831069,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347766506592,"flow_src_last_pkt_time":1499347771832407,"flow_dst_last_pkt_time":1499347771831868,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347766506592,"flow_src_last_pkt_time":1499347771832407,"flow_dst_last_pkt_time":1499347771831868,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347766506592,"flow_src_last_pkt_time":1499347771832407,"flow_dst_last_pkt_time":1499347771831868,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347767793081,"flow_src_last_pkt_time":1499347772833029,"flow_dst_last_pkt_time":1499347772832451,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347767793081,"flow_src_last_pkt_time":1499347772833029,"flow_dst_last_pkt_time":1499347772832451,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347767793081,"flow_src_last_pkt_time":1499347772833029,"flow_dst_last_pkt_time":1499347772832451,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347769077555,"flow_src_last_pkt_time":1499347774833278,"flow_dst_last_pkt_time":1499347774832727,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347769077555,"flow_src_last_pkt_time":1499347774833278,"flow_dst_last_pkt_time":1499347774832727,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347769077555,"flow_src_last_pkt_time":1499347774833278,"flow_dst_last_pkt_time":1499347774832727,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347770345574,"flow_src_last_pkt_time":1499347775834049,"flow_dst_last_pkt_time":1499347775833251,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347770345574,"flow_src_last_pkt_time":1499347775834049,"flow_dst_last_pkt_time":1499347775833251,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347770345574,"flow_src_last_pkt_time":1499347775834049,"flow_dst_last_pkt_time":1499347775833251,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347895873971,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347896716455,"flow_src_last_pkt_time":1499347896716455,"flow_dst_last_pkt_time":1499347896716455,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347896716455,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_src_last_pkt_time":1499347896716455,"flow_dst_last_pkt_time":1499347896716455,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347896716455,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SsxAAD4GewSsEAABwKgKMoQsAFDW1Dn8AAAAAKACchBVSgAAAgQFtAQCCAoBPHMwAAAAAAEDAwc="}
@@ -3170,17 +3170,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7794,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_src_last_pkt_time":1499347905694349,"flow_dst_last_pkt_time":1499347905694349,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347905694349,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dZJAAD4GUD6sEAABwKgKMoSKAFAcIA5mAAAAAKACchAycwAAAgQFtAQCCAoBPHv0AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7795,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":2,"flow_src_last_pkt_time":1499347905694349,"flow_dst_last_pkt_time":1499347905694512,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347905694512,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhIr8f9XqHCAOZ6AScSAPmAAAAgQFtAQCCAoD5k1pATx79AEDAwc="}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7796,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":3,"flow_src_last_pkt_time":1499347905695267,"flow_dst_last_pkt_time":1499347905694512,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347905695267,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dZNAAD4GUEWsEAABwKgKMoSKAFAcIA5n\/H\/V64AQAOWunwAAAQEICgE8e\/QD5k1p"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347771635838,"flow_src_last_pkt_time":1499347776834141,"flow_dst_last_pkt_time":1499347776833541,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347771635838,"flow_src_last_pkt_time":1499347776834141,"flow_dst_last_pkt_time":1499347776833541,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347771635838,"flow_src_last_pkt_time":1499347776834141,"flow_dst_last_pkt_time":1499347776833541,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347774205265,"flow_src_last_pkt_time":1499347779835056,"flow_dst_last_pkt_time":1499347779834463,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347774205265,"flow_src_last_pkt_time":1499347779835056,"flow_dst_last_pkt_time":1499347779834463,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347774205265,"flow_src_last_pkt_time":1499347779835056,"flow_dst_last_pkt_time":1499347779834463,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347775487117,"flow_src_last_pkt_time":1499347780836165,"flow_dst_last_pkt_time":1499347780835556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347775487117,"flow_src_last_pkt_time":1499347780836165,"flow_dst_last_pkt_time":1499347780835556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347775487117,"flow_src_last_pkt_time":1499347780836165,"flow_dst_last_pkt_time":1499347780835556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347776753871,"flow_src_last_pkt_time":1499347781835805,"flow_dst_last_pkt_time":1499347781835276,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347776753871,"flow_src_last_pkt_time":1499347781835805,"flow_dst_last_pkt_time":1499347781835276,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347776753871,"flow_src_last_pkt_time":1499347781835805,"flow_dst_last_pkt_time":1499347781835276,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347779333285,"flow_src_last_pkt_time":1499347784836311,"flow_dst_last_pkt_time":1499347784835569,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347779333285,"flow_src_last_pkt_time":1499347784836311,"flow_dst_last_pkt_time":1499347784835569,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347779333285,"flow_src_last_pkt_time":1499347784836311,"flow_dst_last_pkt_time":1499347784835569,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347780605080,"flow_src_last_pkt_time":1499347785836201,"flow_dst_last_pkt_time":1499347785835442,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347780605080,"flow_src_last_pkt_time":1499347785836201,"flow_dst_last_pkt_time":1499347785835442,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347780605080,"flow_src_last_pkt_time":1499347785836201,"flow_dst_last_pkt_time":1499347785835442,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347905875776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347908253421,"flow_src_last_pkt_time":1499347908253421,"flow_dst_last_pkt_time":1499347908253421,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347908253421,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_src_last_pkt_time":1499347908253421,"flow_dst_last_pkt_time":1499347908253421,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347908253421,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XLdAAD4GaRmsEAABwKgKMoSkAFDBACLDAAAAAKACchB2mwAAAgQFtAQCCAoBPH50AAAAAAEDAwc="}
@@ -3202,15 +3202,15 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7868,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_src_last_pkt_time":1499347914710811,"flow_dst_last_pkt_time":1499347914710811,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347914710811,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oQ5AAD4GJMKsEAABwKgKMoToAFDafCXMAAAAAKACchBThAAAAgQFtAQCCAoBPITCAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7869,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":2,"flow_src_last_pkt_time":1499347914710811,"flow_dst_last_pkt_time":1499347914710961,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347914710961,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhOgBH2BK2nwlzaAScSCY3AAAAgQFtAQCCAoD5lY3ATyEwgEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":3,"flow_src_last_pkt_time":1499347914711543,"flow_dst_last_pkt_time":1499347914710961,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347914711543,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oQ9AAD4GJMmsEAABwKgKMoToAFDafCXNAR9gS4AQAOU34wAAAQEICgE8hMMD5lY3"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347783176569,"flow_src_last_pkt_time":1499347788836634,"flow_dst_last_pkt_time":1499347788835897,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347783176569,"flow_src_last_pkt_time":1499347788836634,"flow_dst_last_pkt_time":1499347788835897,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347783176569,"flow_src_last_pkt_time":1499347788836634,"flow_dst_last_pkt_time":1499347788835897,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347784519893,"flow_src_last_pkt_time":1499347789837157,"flow_dst_last_pkt_time":1499347789836610,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347784519893,"flow_src_last_pkt_time":1499347789837157,"flow_dst_last_pkt_time":1499347789836610,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347784519893,"flow_src_last_pkt_time":1499347789837157,"flow_dst_last_pkt_time":1499347789836610,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347787097862,"flow_src_last_pkt_time":1499347792837525,"flow_dst_last_pkt_time":1499347792836945,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347787097862,"flow_src_last_pkt_time":1499347792837525,"flow_dst_last_pkt_time":1499347792836945,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347787097862,"flow_src_last_pkt_time":1499347792837525,"flow_dst_last_pkt_time":1499347792836945,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347788375802,"flow_src_last_pkt_time":1499347793837999,"flow_dst_last_pkt_time":1499347793837268,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347788375802,"flow_src_last_pkt_time":1499347793837999,"flow_dst_last_pkt_time":1499347793837268,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347788375802,"flow_src_last_pkt_time":1499347793837999,"flow_dst_last_pkt_time":1499347793837268,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347789640444,"flow_src_last_pkt_time":1499347794837987,"flow_dst_last_pkt_time":1499347794837443,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347789640444,"flow_src_last_pkt_time":1499347794837987,"flow_dst_last_pkt_time":1499347794837443,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347789640444,"flow_src_last_pkt_time":1499347794837987,"flow_dst_last_pkt_time":1499347794837443,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347916030886,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347917322932,"flow_src_last_pkt_time":1499347917322932,"flow_dst_last_pkt_time":1499347917322932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347917322932,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_src_last_pkt_time":1499347917322932,"flow_dst_last_pkt_time":1499347917322932,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347917322932,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CqdAAD4GuymsEAABwKgKMoUCAFC+4o3oAAAAAKACchAEWwAAAgQFtAQCCAoBPIdPAAAAAAEDAwc="}
@@ -3236,17 +3236,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7960,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_src_last_pkt_time":1499347926328507,"flow_dst_last_pkt_time":1499347926328507,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347926328507,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Y4hAAD4GYkisEAABwKgKMoVgAFAOjvOTAAAAAKACchBF2gAAAgQFtAQCCAoBPJAbAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":2,"flow_src_last_pkt_time":1499347926328507,"flow_dst_last_pkt_time":1499347926328679,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347926328679,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhWB82qzsDo7zlKAScSC3fAAAAgQFtAQCCAoD5mGPATyQGwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7962,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":3,"flow_src_last_pkt_time":1499347926329410,"flow_dst_last_pkt_time":1499347926328679,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347926329410,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Y4lAAD4GYk+sEAABwKgKMoVgAFAOjvOUfNqs7YAQAOVWhAAAAQEICgE8kBsD5mGP"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347793575417,"flow_src_last_pkt_time":1499347798838630,"flow_dst_last_pkt_time":1499347798837872,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347793575417,"flow_src_last_pkt_time":1499347798838630,"flow_dst_last_pkt_time":1499347798837872,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347793575417,"flow_src_last_pkt_time":1499347798838630,"flow_dst_last_pkt_time":1499347798837872,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347796130119,"flow_src_last_pkt_time":1499347801839620,"flow_dst_last_pkt_time":1499347801839100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347796130119,"flow_src_last_pkt_time":1499347801839620,"flow_dst_last_pkt_time":1499347801839100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347796130119,"flow_src_last_pkt_time":1499347801839620,"flow_dst_last_pkt_time":1499347801839100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347797419654,"flow_src_last_pkt_time":1499347802840074,"flow_dst_last_pkt_time":1499347802839316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347797419654,"flow_src_last_pkt_time":1499347802840074,"flow_dst_last_pkt_time":1499347802839316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347797419654,"flow_src_last_pkt_time":1499347802840074,"flow_dst_last_pkt_time":1499347802839316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347798713386,"flow_src_last_pkt_time":1499347803840244,"flow_dst_last_pkt_time":1499347803839542,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347798713386,"flow_src_last_pkt_time":1499347803840244,"flow_dst_last_pkt_time":1499347803839542,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347798713386,"flow_src_last_pkt_time":1499347803840244,"flow_dst_last_pkt_time":1499347803839542,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347801271157,"flow_src_last_pkt_time":1499347806841224,"flow_dst_last_pkt_time":1499347806840676,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347801271157,"flow_src_last_pkt_time":1499347806841224,"flow_dst_last_pkt_time":1499347806840676,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347801271157,"flow_src_last_pkt_time":1499347806841224,"flow_dst_last_pkt_time":1499347806840676,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347792291066,"flow_src_last_pkt_time":1499347797838297,"flow_dst_last_pkt_time":1499347797837778,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347792291066,"flow_src_last_pkt_time":1499347797838297,"flow_dst_last_pkt_time":1499347797837778,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347792291066,"flow_src_last_pkt_time":1499347797838297,"flow_dst_last_pkt_time":1499347797837778,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347927657910,"flow_src_last_pkt_time":1499347927657910,"flow_dst_last_pkt_time":1499347927657910,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347927657910,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_src_last_pkt_time":1499347927657910,"flow_dst_last_pkt_time":1499347927657910,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347927657910,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NcxAAD4GkASsEAABwKgKMoVuAFCXD6SrAAAAAKACchAK5wAAAgQFtAQCCAoBPJFnAAAAAAEDAwc="}
@@ -3272,17 +3272,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_src_last_pkt_time":1499347936727621,"flow_dst_last_pkt_time":1499347936727621,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347936727621,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IMJAAD4GpQ6sEAABwKgKMoXMAFAQdrqBAAAAAKACchBycAAAAgQFtAQCCAoBPJpDAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":2,"flow_src_last_pkt_time":1499347936727621,"flow_dst_last_pkt_time":1499347936727763,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347936727763,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhcyowg88EHa6gqAScSBLswAAAgQFtAQCCAoD5mu3ATyaQwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8046,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":3,"flow_src_last_pkt_time":1499347936728282,"flow_dst_last_pkt_time":1499347936727763,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347936728282,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IMNAAD4GpRWsEAABwKgKMoXMAFAQdrqCqMIPPYAQAOXqugAAAQEICgE8mkMD5mu3"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347802549433,"flow_src_last_pkt_time":1499347807841718,"flow_dst_last_pkt_time":1499347807841171,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347802549433,"flow_src_last_pkt_time":1499347807841718,"flow_dst_last_pkt_time":1499347807841171,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347802549433,"flow_src_last_pkt_time":1499347807841718,"flow_dst_last_pkt_time":1499347807841171,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347805119465,"flow_src_last_pkt_time":1499347810842466,"flow_dst_last_pkt_time":1499347810841768,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347805119465,"flow_src_last_pkt_time":1499347810842466,"flow_dst_last_pkt_time":1499347810841768,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347805119465,"flow_src_last_pkt_time":1499347810842466,"flow_dst_last_pkt_time":1499347810841768,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347806390445,"flow_src_last_pkt_time":1499347811528620,"flow_dst_last_pkt_time":1499347811528084,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347806390445,"flow_src_last_pkt_time":1499347811528620,"flow_dst_last_pkt_time":1499347811528084,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347806390445,"flow_src_last_pkt_time":1499347811528620,"flow_dst_last_pkt_time":1499347811528084,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347810243756,"flow_src_last_pkt_time":1499347815843256,"flow_dst_last_pkt_time":1499347815842474,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347810243756,"flow_src_last_pkt_time":1499347815843256,"flow_dst_last_pkt_time":1499347815842474,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347810243756,"flow_src_last_pkt_time":1499347815843256,"flow_dst_last_pkt_time":1499347815842474,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347811525785,"flow_src_last_pkt_time":1499347816843891,"flow_dst_last_pkt_time":1499347816843100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347811525785,"flow_src_last_pkt_time":1499347816843891,"flow_dst_last_pkt_time":1499347816843100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347811525785,"flow_src_last_pkt_time":1499347816843891,"flow_dst_last_pkt_time":1499347816843100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-01041{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":106,"flow_first_seen":1499347743331813,"flow_src_last_pkt_time":1499347811268732,"flow_dst_last_pkt_time":1499347811268780,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183592,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01195{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":106,"flow_first_seen":1499347743331813,"flow_src_last_pkt_time":1499347811268732,"flow_dst_last_pkt_time":1499347811268780,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183592,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347939286105,"flow_src_last_pkt_time":1499347939286105,"flow_dst_last_pkt_time":1499347939286105,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347939286105,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_src_last_pkt_time":1499347939286105,"flow_dst_last_pkt_time":1499347939286105,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347939286105,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86O9AAD4G3OCsEAABwKgKMoXmAFBSpnQtAAAAAKACchBz+wAAAgQFtAQCCAoBPJzCAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":2,"flow_src_last_pkt_time":1499347939286105,"flow_dst_last_pkt_time":1499347939286276,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347939286276,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQheYnhiyyUqZ0LqAScSCuhQAAAgQFtAQCCAoD5m42ATycwgEDAwc="}
@@ -3291,7 +3291,7 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_src_last_pkt_time":1499347940593756,"flow_dst_last_pkt_time":1499347940593756,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347940593756,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87cVAAD4G2AqsEAABwKgKMoX0AFCR9XPMAAAAAKACchAzuAAAAgQFtAQCCAoBPJ4JAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":2,"flow_src_last_pkt_time":1499347940593756,"flow_dst_last_pkt_time":1499347940593881,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347940593881,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhfTE5Ae8kfVzzaAScSD0kgAAAgQFtAQCCAoD5m99ATyeCQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8076,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":3,"flow_src_last_pkt_time":1499347940594634,"flow_dst_last_pkt_time":1499347940593881,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347940594634,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07cZAAD4G2BGsEAABwKgKMoX0AFCR9XPNxOQHvYAQAOWTmgAAAQEICgE8ngkD5m99"}
-01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347939286105,"flow_src_last_pkt_time":1499347941874505,"flow_dst_last_pkt_time":1499347939286276,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347941874505,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499347939286105,"flow_src_last_pkt_time":1499347941874505,"flow_dst_last_pkt_time":1499347939286276,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347941874505,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347943146476,"flow_src_last_pkt_time":1499347943146476,"flow_dst_last_pkt_time":1499347943146476,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347943146476,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_src_last_pkt_time":1499347943146476,"flow_dst_last_pkt_time":1499347943146476,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347943146476,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TwNAAD4Gds2sEAABwKgKMoYOAFBjnu+EAAAAAKACchDjvgAAAgQFtAQCCAoBPKCHAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":2,"flow_src_last_pkt_time":1499347943146476,"flow_dst_last_pkt_time":1499347943146602,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347943146602,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhg4T7s6FY57vhaAScSCMRwAAAgQFtAQCCAoD5nH8ATyghwEDAwc="}
@@ -3304,18 +3304,18 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_src_last_pkt_time":1499347945720318,"flow_dst_last_pkt_time":1499347945720318,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347945720318,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sjdAAD4GE5msEAABwKgKMoYqAFDdpBE8AAAAAKACchBFYQAAAgQFtAQCCAoBPKMLAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8118,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":2,"flow_src_last_pkt_time":1499347945720318,"flow_dst_last_pkt_time":1499347945720417,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347945720417,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhiqh1kGM3aQRPaAScSDqdwAAAgQFtAQCCAoD5nR\/ATyjCwEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":3,"flow_src_last_pkt_time":1499347945721181,"flow_dst_last_pkt_time":1499347945720417,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347945721181,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sjhAAD4GE6CsEAABwKgKMoYqAFDdpBE9odZBjYAQAOWJfwAAAQEICgE8owsD5nR\/"}
-02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":8132,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347939286105,"flow_src_last_pkt_time":1499347947010010,"flow_dst_last_pkt_time":1499347947009327,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4457,"flow_dst_tot_l4_payload_len":16413,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":171,"avg":498294.4,"max":2588369,"stddev":688746.1,"var":474371129344.0,"ent":3.7,"data": [171,739,2587661,2588369,3663,4498,1020517,1024859,4382,244684,248374,3703,1042345,1046980,4607,242309,245980,3660,1031191,1034926,3726,241353,245065,3596,495,1025211,1029311,3750,251257,255524,4221]},"pktlen": {"min":52,"avg":704.7,"max":1920,"stddev":762.8,"var":581830.0,"ent":4.1,"data": [60,60,52,637,52,1918,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,52,435,1822,52,637,1918,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,1,0],"entropies": [4.605007172,5.039574623,4.969671726,6.030518532,4.931210041,7.775516510,4.945419312,5.902482986,7.745615482,4.945419312,6.037442207,7.774715900,4.983880997,5.896422386,7.742757320,4.945419312,6.040554523,7.771491051,4.868495941,5.892494202,7.744132996,4.853979111,6.017662048,7.776625156,4.868495941,4.861793995,5.911713600,7.744248867,4.817438126,6.033777237,7.744309425,4.906957626]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347812797349,"flow_src_last_pkt_time":1499347817844555,"flow_dst_last_pkt_time":1499347817843831,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+02538{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":8132,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499347939286105,"flow_src_last_pkt_time":1499347947010010,"flow_dst_last_pkt_time":1499347947009327,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4457,"flow_dst_tot_l4_payload_len":16413,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":171,"avg":498294.4,"max":2588369,"stddev":688746.1,"var":474371129344.0,"ent":3.7,"data": [171,739,2587661,2588369,3663,4498,1020517,1024859,4382,244684,248374,3703,1042345,1046980,4607,242309,245980,3660,1031191,1034926,3726,241353,245065,3596,495,1025211,1029311,3750,251257,255524,4221]},"pktlen": {"min":52,"avg":704.7,"max":1920,"stddev":762.8,"var":581830.0,"ent":4.1,"data": [60,60,52,637,52,1918,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,52,435,1822,52,637,1918,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,1,0],"entropies": [4.605007172,5.039574623,4.969671726,6.030518532,4.931210041,7.775516510,4.945419312,5.902482986,7.745615482,4.945419312,6.037442207,7.774715900,4.983880997,5.896422386,7.742757320,4.945419312,6.040554523,7.771491051,4.868495941,5.892494202,7.744132996,4.853979111,6.017662048,7.776625156,4.868495941,4.861793995,5.911713600,7.744248867,4.817438126,6.033777237,7.744309425,4.906957626]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347812797349,"flow_src_last_pkt_time":1499347817844555,"flow_dst_last_pkt_time":1499347817843831,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347812797349,"flow_src_last_pkt_time":1499347817844555,"flow_dst_last_pkt_time":1499347817843831,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347814066618,"flow_src_last_pkt_time":1499347819845842,"flow_dst_last_pkt_time":1499347819845138,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347814066618,"flow_src_last_pkt_time":1499347819845842,"flow_dst_last_pkt_time":1499347819845138,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347814066618,"flow_src_last_pkt_time":1499347819845842,"flow_dst_last_pkt_time":1499347819845138,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347815351639,"flow_src_last_pkt_time":1499347820846254,"flow_dst_last_pkt_time":1499347820845511,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347815351639,"flow_src_last_pkt_time":1499347820846254,"flow_dst_last_pkt_time":1499347820845511,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347815351639,"flow_src_last_pkt_time":1499347820846254,"flow_dst_last_pkt_time":1499347820845511,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347816657942,"flow_src_last_pkt_time":1499347821846482,"flow_dst_last_pkt_time":1499347821845658,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347816657942,"flow_src_last_pkt_time":1499347821846482,"flow_dst_last_pkt_time":1499347821845658,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347816657942,"flow_src_last_pkt_time":1499347821846482,"flow_dst_last_pkt_time":1499347821845658,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347819250899,"flow_src_last_pkt_time":1499347824846996,"flow_dst_last_pkt_time":1499347824846263,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347819250899,"flow_src_last_pkt_time":1499347824846996,"flow_dst_last_pkt_time":1499347824846263,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347819250899,"flow_src_last_pkt_time":1499347824846996,"flow_dst_last_pkt_time":1499347824846263,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347820510217,"flow_src_last_pkt_time":1499347825848723,"flow_dst_last_pkt_time":1499347825848150,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347820510217,"flow_src_last_pkt_time":1499347825848723,"flow_dst_last_pkt_time":1499347825848150,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347820510217,"flow_src_last_pkt_time":1499347825848723,"flow_dst_last_pkt_time":1499347825848150,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347947010010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347948293377,"flow_src_last_pkt_time":1499347948293377,"flow_dst_last_pkt_time":1499347948293377,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347948293377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_src_last_pkt_time":1499347948293377,"flow_dst_last_pkt_time":1499347948293377,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347948293377,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EvlAAD4GstesEAABwKgKMoZEAFDGn7d3AAAAAKACchCzjQAAAgQFtAQCCAoBPKWOAAAAAAEDAwc="}
@@ -3341,17 +3341,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_src_last_pkt_time":1499347957282969,"flow_dst_last_pkt_time":1499347957282969,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347957282969,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82nJAAD4G612sEAABwKgKMoaiAFCv93QkAAAAAKACchAEYwAAAgQFtAQCCAoBPK5WAAAAAAEDAwc="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":2,"flow_src_last_pkt_time":1499347957282969,"flow_dst_last_pkt_time":1499347957283121,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347957283121,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhqLwUjy4r\/d0JaAScSBUhgAAAgQFtAQCCAoD5n\/KATyuVgEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":3,"flow_src_last_pkt_time":1499347957283847,"flow_dst_last_pkt_time":1499347957283121,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347957283847,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02nNAAD4G62SsEAABwKgKMoaiAFCv93Ql8FI8uYAQAOXzjQAAAQEICgE8rlYD5n\/K"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347823117412,"flow_src_last_pkt_time":1499347828846893,"flow_dst_last_pkt_time":1499347828846362,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347823117412,"flow_src_last_pkt_time":1499347828846893,"flow_dst_last_pkt_time":1499347828846362,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347823117412,"flow_src_last_pkt_time":1499347828846893,"flow_dst_last_pkt_time":1499347828846362,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347824426335,"flow_src_last_pkt_time":1499347829847648,"flow_dst_last_pkt_time":1499347829846914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347824426335,"flow_src_last_pkt_time":1499347829847648,"flow_dst_last_pkt_time":1499347829846914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347824426335,"flow_src_last_pkt_time":1499347829847648,"flow_dst_last_pkt_time":1499347829846914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347825732332,"flow_src_last_pkt_time":1499347830847232,"flow_dst_last_pkt_time":1499347830846692,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347825732332,"flow_src_last_pkt_time":1499347830847232,"flow_dst_last_pkt_time":1499347830846692,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347825732332,"flow_src_last_pkt_time":1499347830847232,"flow_dst_last_pkt_time":1499347830846692,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347828369060,"flow_src_last_pkt_time":1499347833848456,"flow_dst_last_pkt_time":1499347833847691,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347828369060,"flow_src_last_pkt_time":1499347833848456,"flow_dst_last_pkt_time":1499347833847691,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347828369060,"flow_src_last_pkt_time":1499347833848456,"flow_dst_last_pkt_time":1499347833847691,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347829667453,"flow_src_last_pkt_time":1499347834848315,"flow_dst_last_pkt_time":1499347834847731,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347829667453,"flow_src_last_pkt_time":1499347834848315,"flow_dst_last_pkt_time":1499347834847731,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347829667453,"flow_src_last_pkt_time":1499347834848315,"flow_dst_last_pkt_time":1499347834847731,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347832201949,"flow_src_last_pkt_time":1499347837849523,"flow_dst_last_pkt_time":1499347837848747,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347832201949,"flow_src_last_pkt_time":1499347837849523,"flow_dst_last_pkt_time":1499347837848747,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347832201949,"flow_src_last_pkt_time":1499347837849523,"flow_dst_last_pkt_time":1499347837848747,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347957887123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347958588448,"flow_src_last_pkt_time":1499347958588448,"flow_dst_last_pkt_time":1499347958588448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347958588448,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_src_last_pkt_time":1499347958588448,"flow_dst_last_pkt_time":1499347958588448,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347958588448,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iDdAAD4GPZmsEAABwKgKMoawAFCTxierAAAAAKACchBruQAAAgQFtAQCCAoBPK+cAAAAAAEDAwc="}
@@ -3381,17 +3381,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_src_last_pkt_time":1499347967724898,"flow_dst_last_pkt_time":1499347967724898,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347967724898,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JnBAAD4Gn2CsEAABwKgKMocQAFDWSp74AAAAAKACchComwAAAgQFtAQCCAoBPLiIAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":2,"flow_src_last_pkt_time":1499347967724898,"flow_dst_last_pkt_time":1499347967725013,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347967725013,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhxDJR2HM1kqe+aAScSDwgwAAAgQFtAQCCAoD5on8ATy4iAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":3,"flow_src_last_pkt_time":1499347967725768,"flow_dst_last_pkt_time":1499347967725013,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347967725768,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JnFAAD4Gn2esEAABwKgKMocQAFDWSp75yUdhzYAQAOWPiwAAAQEICgE8uIgD5on8"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347833462049,"flow_src_last_pkt_time":1499347838849955,"flow_dst_last_pkt_time":1499347838849406,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347833462049,"flow_src_last_pkt_time":1499347838849955,"flow_dst_last_pkt_time":1499347838849406,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347833462049,"flow_src_last_pkt_time":1499347838849955,"flow_dst_last_pkt_time":1499347838849406,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347836095456,"flow_src_last_pkt_time":1499347841850419,"flow_dst_last_pkt_time":1499347841849866,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347836095456,"flow_src_last_pkt_time":1499347841850419,"flow_dst_last_pkt_time":1499347841849866,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347836095456,"flow_src_last_pkt_time":1499347841850419,"flow_dst_last_pkt_time":1499347841849866,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347837373420,"flow_src_last_pkt_time":1499347842851299,"flow_dst_last_pkt_time":1499347842850568,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347837373420,"flow_src_last_pkt_time":1499347842851299,"flow_dst_last_pkt_time":1499347842850568,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347837373420,"flow_src_last_pkt_time":1499347842851299,"flow_dst_last_pkt_time":1499347842850568,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347838675718,"flow_src_last_pkt_time":1499347843851569,"flow_dst_last_pkt_time":1499347843850802,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347838675718,"flow_src_last_pkt_time":1499347843851569,"flow_dst_last_pkt_time":1499347843850802,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347838675718,"flow_src_last_pkt_time":1499347843851569,"flow_dst_last_pkt_time":1499347843850802,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347841229542,"flow_src_last_pkt_time":1499347846856820,"flow_dst_last_pkt_time":1499347846856260,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347841229542,"flow_src_last_pkt_time":1499347846856820,"flow_dst_last_pkt_time":1499347846856260,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347841229542,"flow_src_last_pkt_time":1499347846856820,"flow_dst_last_pkt_time":1499347846856260,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347842491750,"flow_src_last_pkt_time":1499347847857403,"flow_dst_last_pkt_time":1499347847856673,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347842491750,"flow_src_last_pkt_time":1499347847857403,"flow_dst_last_pkt_time":1499347847856673,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347842491750,"flow_src_last_pkt_time":1499347847857403,"flow_dst_last_pkt_time":1499347847856673,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347967888208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347970267013,"flow_src_last_pkt_time":1499347970267013,"flow_dst_last_pkt_time":1499347970267013,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347970267013,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_src_last_pkt_time":1499347970267013,"flow_dst_last_pkt_time":1499347970267013,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347970267013,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vvZAAD4GBtqsEAABwKgKMocqAFAxLQXyAAAAAKACchDkKQAAAgQFtAQCCAoBPLsEAAAAAAEDAwc="}
@@ -3413,17 +3413,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_src_last_pkt_time":1499347976658358,"flow_dst_last_pkt_time":1499347976658358,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347976658358,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z4xAAD4GXkSsEAABwKgKModuAFDMdKbNAAAAAKACchChhQAAAgQFtAQCCAoBPMFBAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8371,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":2,"flow_src_last_pkt_time":1499347976658358,"flow_dst_last_pkt_time":1499347976658528,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347976658528,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh26qPdKAzHSmzqAScSCPCQAAAgQFtAQCCAoD5pK2ATzBQQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":3,"flow_src_last_pkt_time":1499347976659161,"flow_dst_last_pkt_time":1499347976658528,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347976659161,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z41AAD4GXkusEAABwKgKModuAFDMdKbOqj3SgYAQAOUuEAAAAQEICgE8wUID5pK2"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347845077766,"flow_src_last_pkt_time":1499347850858271,"flow_dst_last_pkt_time":1499347850857518,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347845077766,"flow_src_last_pkt_time":1499347850858271,"flow_dst_last_pkt_time":1499347850857518,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347845077766,"flow_src_last_pkt_time":1499347850858271,"flow_dst_last_pkt_time":1499347850857518,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347846345271,"flow_src_last_pkt_time":1499347851858638,"flow_dst_last_pkt_time":1499347851858115,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347846345271,"flow_src_last_pkt_time":1499347851858638,"flow_dst_last_pkt_time":1499347851858115,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347846345271,"flow_src_last_pkt_time":1499347851858638,"flow_dst_last_pkt_time":1499347851858115,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347847629206,"flow_src_last_pkt_time":1499347852858759,"flow_dst_last_pkt_time":1499347852858202,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347847629206,"flow_src_last_pkt_time":1499347852858759,"flow_dst_last_pkt_time":1499347852858202,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347847629206,"flow_src_last_pkt_time":1499347852858759,"flow_dst_last_pkt_time":1499347852858202,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347850209154,"flow_src_last_pkt_time":1499347855859317,"flow_dst_last_pkt_time":1499347855858581,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347850209154,"flow_src_last_pkt_time":1499347855859317,"flow_dst_last_pkt_time":1499347855858581,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347850209154,"flow_src_last_pkt_time":1499347855859317,"flow_dst_last_pkt_time":1499347855858581,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347851476262,"flow_src_last_pkt_time":1499347856859220,"flow_dst_last_pkt_time":1499347856858666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347851476262,"flow_src_last_pkt_time":1499347856859220,"flow_dst_last_pkt_time":1499347856858666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347851476262,"flow_src_last_pkt_time":1499347856859220,"flow_dst_last_pkt_time":1499347856858666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347852742641,"flow_src_last_pkt_time":1499347857860196,"flow_dst_last_pkt_time":1499347857859481,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347852742641,"flow_src_last_pkt_time":1499347857860196,"flow_dst_last_pkt_time":1499347857859481,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347852742641,"flow_src_last_pkt_time":1499347857860196,"flow_dst_last_pkt_time":1499347857859481,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347977941452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347979251367,"flow_src_last_pkt_time":1499347979251367,"flow_dst_last_pkt_time":1499347979251367,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347979251367,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_src_last_pkt_time":1499347979251367,"flow_dst_last_pkt_time":1499347979251367,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347979251367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8naJAAD4GKC6sEAABwKgKMoeIAFCOM15oAAAAAKACchAliQAAAgQFtAQCCAoBPMPKAAAAAAEDAwc="}
@@ -3453,17 +3453,17 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_src_last_pkt_time":1499347988233266,"flow_dst_last_pkt_time":1499347988233266,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347988233266,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aCNAAD4GXa2sEAABwKgKMofoAFBt56SsAAAAAKACchD2awAAAgQFtAQCCAoBPMyPAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":2,"flow_src_last_pkt_time":1499347988233266,"flow_dst_last_pkt_time":1499347988233392,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347988233392,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh+gH+IEYbeekraAScSDMUAAAAgQFtAQCCAoD5p4DATzMjwEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8468,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":3,"flow_src_last_pkt_time":1499347988234153,"flow_dst_last_pkt_time":1499347988233392,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347988234153,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aCRAAD4GXbSsEAABwKgKMofoAFBt56StB\/iBGYAQAOVrWAAAAQEICgE8zI8D5p4D"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347855324591,"flow_src_last_pkt_time":1499347860860382,"flow_dst_last_pkt_time":1499347860859621,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347855324591,"flow_src_last_pkt_time":1499347860860382,"flow_dst_last_pkt_time":1499347860859621,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347855324591,"flow_src_last_pkt_time":1499347860860382,"flow_dst_last_pkt_time":1499347860859621,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347856593088,"flow_src_last_pkt_time":1499347861860169,"flow_dst_last_pkt_time":1499347861859594,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347856593088,"flow_src_last_pkt_time":1499347861860169,"flow_dst_last_pkt_time":1499347861859594,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347856593088,"flow_src_last_pkt_time":1499347861860169,"flow_dst_last_pkt_time":1499347861859594,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347859192109,"flow_src_last_pkt_time":1499347864861731,"flow_dst_last_pkt_time":1499347864861168,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347859192109,"flow_src_last_pkt_time":1499347864861731,"flow_dst_last_pkt_time":1499347864861168,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347859192109,"flow_src_last_pkt_time":1499347864861731,"flow_dst_last_pkt_time":1499347864861168,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347860489399,"flow_src_last_pkt_time":1499347865862275,"flow_dst_last_pkt_time":1499347865861692,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347860489399,"flow_src_last_pkt_time":1499347865862275,"flow_dst_last_pkt_time":1499347865861692,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347860489399,"flow_src_last_pkt_time":1499347865862275,"flow_dst_last_pkt_time":1499347865861692,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347861783428,"flow_src_last_pkt_time":1499347866863063,"flow_dst_last_pkt_time":1499347866862476,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347861783428,"flow_src_last_pkt_time":1499347866863063,"flow_dst_last_pkt_time":1499347866862476,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347861783428,"flow_src_last_pkt_time":1499347866863063,"flow_dst_last_pkt_time":1499347866862476,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347863072990,"flow_src_last_pkt_time":1499347868864329,"flow_dst_last_pkt_time":1499347868863556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347863072990,"flow_src_last_pkt_time":1499347868864329,"flow_dst_last_pkt_time":1499347868863556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347863072990,"flow_src_last_pkt_time":1499347868864329,"flow_dst_last_pkt_time":1499347868863556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347988894686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347989526061,"flow_src_last_pkt_time":1499347989526061,"flow_dst_last_pkt_time":1499347989526061,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347989526061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_src_last_pkt_time":1499347989526061,"flow_dst_last_pkt_time":1499347989526061,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347989526061,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8S9BAAD4GegCsEAABwKgKMof2AFDafYYCAAAAAKACchCnLgAAAgQFtAQCCAoBPM3SAAAAAAEDAwc="}
@@ -3489,16 +3489,16 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8551,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_src_last_pkt_time":1499347998605791,"flow_dst_last_pkt_time":1499347998605791,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347998605791,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MQxAAD4GlMSsEAABwKgKMohUAFBMT+e8AAAAAKACchDKZgAAAgQFtAQCCAoBPNawAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":2,"flow_src_last_pkt_time":1499347998605791,"flow_dst_last_pkt_time":1499347998605912,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347998605912,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiFT+qOY2TE\/nvaAScSA6WwAAAgQFtAQCCAoD5qgkATzWsAEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":3,"flow_src_last_pkt_time":1499347998606461,"flow_dst_last_pkt_time":1499347998605912,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347998606461,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MQ1AAD4GlMusEAABwKgKMohUAFBMT+e9\/qjmN4AQAOXZYQAAAQEICgE81rED5qgk"}
-01137{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347807664615,"flow_src_last_pkt_time":1499347876003577,"flow_dst_last_pkt_time":1499347876003694,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183700,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347864367420,"flow_src_last_pkt_time":1499347869864988,"flow_dst_last_pkt_time":1499347869864249,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01291{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347807664615,"flow_src_last_pkt_time":1499347876003577,"flow_dst_last_pkt_time":1499347876003694,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183700,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347864367420,"flow_src_last_pkt_time":1499347869864988,"flow_dst_last_pkt_time":1499347869864249,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347864367420,"flow_src_last_pkt_time":1499347869864988,"flow_dst_last_pkt_time":1499347869864249,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347867086713,"flow_src_last_pkt_time":1499347872866052,"flow_dst_last_pkt_time":1499347872865304,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347867086713,"flow_src_last_pkt_time":1499347872866052,"flow_dst_last_pkt_time":1499347872865304,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347867086713,"flow_src_last_pkt_time":1499347872866052,"flow_dst_last_pkt_time":1499347872865304,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347868358719,"flow_src_last_pkt_time":1499347873865922,"flow_dst_last_pkt_time":1499347873865190,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347868358719,"flow_src_last_pkt_time":1499347873865922,"flow_dst_last_pkt_time":1499347873865190,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347868358719,"flow_src_last_pkt_time":1499347873865922,"flow_dst_last_pkt_time":1499347873865190,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347869628596,"flow_src_last_pkt_time":1499347874866060,"flow_dst_last_pkt_time":1499347874865469,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347869628596,"flow_src_last_pkt_time":1499347874866060,"flow_dst_last_pkt_time":1499347874865469,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347869628596,"flow_src_last_pkt_time":1499347874866060,"flow_dst_last_pkt_time":1499347874865469,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347873465726,"flow_src_last_pkt_time":1499347878867459,"flow_dst_last_pkt_time":1499347878866909,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347873465726,"flow_src_last_pkt_time":1499347878867459,"flow_dst_last_pkt_time":1499347878866909,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347873465726,"flow_src_last_pkt_time":1499347878867459,"flow_dst_last_pkt_time":1499347878866909,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347998898446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348001148029,"flow_src_last_pkt_time":1499348001148029,"flow_dst_last_pkt_time":1499348001148029,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348001148029,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_src_last_pkt_time":1499348001148029,"flow_dst_last_pkt_time":1499348001148029,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348001148029,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pkpAAD4GH4asEAABwKgKMohuAFDUG39mAAAAAKACchCoWgAAAgQFtAQCCAoBPNksAAAAAAEDAwc="}
@@ -3516,22 +3516,22 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_src_last_pkt_time":1499348006334523,"flow_dst_last_pkt_time":1499348006334523,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348006334523,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NJlAAD4GkTesEAABwKgKMoikAFAqsOqkAAAAAKACchDhQAAAAgQFtAQCCAoBPN49AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8612,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":2,"flow_src_last_pkt_time":1499348006334523,"flow_dst_last_pkt_time":1499348006334694,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348006334694,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiKQqwf7AKrDqpaAScSAFBgAAAgQFtAQCCAoD5q+xATzePQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":3,"flow_src_last_pkt_time":1499348006335211,"flow_dst_last_pkt_time":1499348006334694,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348006335211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NJpAAD4GkT6sEAABwKgKMoikAFAqsOqlKsH+wYAQAOWkDQAAAQEICgE83j0D5q+x"}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8623,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348002450018,"flow_src_last_pkt_time":1499348007347280,"flow_dst_last_pkt_time":1499348002450186,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348007347280,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8623,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348002450018,"flow_src_last_pkt_time":1499348007347280,"flow_dst_last_pkt_time":1499348002450186,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348007347280,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348007599846,"flow_src_last_pkt_time":1499348007599846,"flow_dst_last_pkt_time":1499348007599846,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348007599846,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_src_last_pkt_time":1499348007599846,"flow_dst_last_pkt_time":1499348007599846,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348007599846,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+WFAAD4GzG6sEAABwKgKMoiyAFBEayYYAAAAAKACchCKyAAAAgQFtAQCCAoBPN95AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8628,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":2,"flow_src_last_pkt_time":1499348007599846,"flow_dst_last_pkt_time":1499348007599986,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348007599986,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiLJr5HteRGsmGaAScSDvkAAAAgQFtAQCCAoD5rDtATzfeQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":3,"flow_src_last_pkt_time":1499348007600554,"flow_dst_last_pkt_time":1499348007599986,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348007600554,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+WJAAD4GzHWsEAABwKgKMoiyAFBEayYZa+R7X4AQAOWOmAAAAQEICgE833kD5rDt"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347874737577,"flow_src_last_pkt_time":1499347879867830,"flow_dst_last_pkt_time":1499347879867289,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347874737577,"flow_src_last_pkt_time":1499347879867830,"flow_dst_last_pkt_time":1499347879867289,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347874737577,"flow_src_last_pkt_time":1499347879867830,"flow_dst_last_pkt_time":1499347879867289,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347877292759,"flow_src_last_pkt_time":1499347882869245,"flow_dst_last_pkt_time":1499347882868510,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347877292759,"flow_src_last_pkt_time":1499347882869245,"flow_dst_last_pkt_time":1499347882868510,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347877292759,"flow_src_last_pkt_time":1499347882869245,"flow_dst_last_pkt_time":1499347882868510,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347878568081,"flow_src_last_pkt_time":1499347883869379,"flow_dst_last_pkt_time":1499347883868624,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347878568081,"flow_src_last_pkt_time":1499347883869379,"flow_dst_last_pkt_time":1499347883868624,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347878568081,"flow_src_last_pkt_time":1499347883869379,"flow_dst_last_pkt_time":1499347883868624,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347881141710,"flow_src_last_pkt_time":1499347886869945,"flow_dst_last_pkt_time":1499347886869225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347881141710,"flow_src_last_pkt_time":1499347886869945,"flow_dst_last_pkt_time":1499347886869225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347881141710,"flow_src_last_pkt_time":1499347886869945,"flow_dst_last_pkt_time":1499347886869225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347882404247,"flow_src_last_pkt_time":1499347887870347,"flow_dst_last_pkt_time":1499347887869799,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347882404247,"flow_src_last_pkt_time":1499347887870347,"flow_dst_last_pkt_time":1499347887869799,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347882404247,"flow_src_last_pkt_time":1499347887870347,"flow_dst_last_pkt_time":1499347887869799,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347883693194,"flow_src_last_pkt_time":1499347888870478,"flow_dst_last_pkt_time":1499347888869898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347883693194,"flow_src_last_pkt_time":1499347888870478,"flow_dst_last_pkt_time":1499347888869898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347883693194,"flow_src_last_pkt_time":1499347888870478,"flow_dst_last_pkt_time":1499347888869898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348008904666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348010145611,"flow_src_last_pkt_time":1499348010145611,"flow_dst_last_pkt_time":1499348010145611,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348010145611,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_src_last_pkt_time":1499348010145611,"flow_dst_last_pkt_time":1499348010145611,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348010145611,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81alAAD4G8CasEAABwKgKMojMAFACvDRcAAAAAKACchC7nQAAAgQFtAQCCAoBPOH1AAAAAAEDAwc="}
@@ -3545,7 +3545,7 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_src_last_pkt_time":1499348012728762,"flow_dst_last_pkt_time":1499348012728762,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348012728762,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MbdAAD4GlBmsEAABwKgKMojoAFBoxNXMAAAAAKACchCxggAAAgQFtAQCCAoBPOR7AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8667,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":2,"flow_src_last_pkt_time":1499348012728762,"flow_dst_last_pkt_time":1499348012728872,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348012728872,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiOhwV55UaMTVzaAScSDp3wAAAgQFtAQCCAoD5rXvATzkewEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":3,"flow_src_last_pkt_time":1499348012729471,"flow_dst_last_pkt_time":1499348012728872,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348012729471,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MbhAAD4GlCCsEAABwKgKMojoAFBoxNXNcFeeVYAQAOWI5wAAAQEICgE85HsD5rXv"}
-02294{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":8669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499348002450018,"flow_src_last_pkt_time":1499348012729966,"flow_dst_last_pkt_time":1499348012487215,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16321,"midstream":0,"thread_ts_usec":1499348012729966,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":168,"avg":655391.8,"max":4897215,"stddev":1186666.9,"var":1408178323456.0,"ent":3.5,"data": [168,874,4896388,4897215,3139,3939,250433,254530,4103,1006878,1011034,4128,267330,271177,3882,1007953,1011957,4030,246777,250412,3605,1038702,1042399,3673,241578,245223,3629,1046261,1049943,3750,242035]},"pktlen": {"min":52,"avg":713.8,"max":1920,"stddev":751.0,"var":564013.2,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.571673870,5.072907925,4.969671726,5.887361526,4.878231525,7.741217613,4.885738850,6.010152817,7.782044411,4.945419312,5.887085915,7.743456841,4.983880997,6.006285667,7.788482189,4.969364166,5.877018929,7.744219303,4.983880997,6.010739803,7.771894455,4.983880997,5.901759148,7.743703842,5.022342682,6.005155087,7.771924019,4.892440796,5.896227837,7.743970394,4.983880997,6.034862995]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02448{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":8669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499348002450018,"flow_src_last_pkt_time":1499348012729966,"flow_dst_last_pkt_time":1499348012487215,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16321,"midstream":0,"thread_ts_usec":1499348012729966,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":168,"avg":655391.8,"max":4897215,"stddev":1186666.9,"var":1408178323456.0,"ent":3.5,"data": [168,874,4896388,4897215,3139,3939,250433,254530,4103,1006878,1011034,4128,267330,271177,3882,1007953,1011957,4030,246777,250412,3605,1038702,1042399,3673,241578,245223,3629,1046261,1049943,3750,242035]},"pktlen": {"min":52,"avg":713.8,"max":1920,"stddev":751.0,"var":564013.2,"ent":4.2,"data": [60,60,52,435,52,1823,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.571673870,5.072907925,4.969671726,5.887361526,4.878231525,7.741217613,4.885738850,6.010152817,7.782044411,4.945419312,5.887085915,7.743456841,4.983880997,6.006285667,7.788482189,4.969364166,5.877018929,7.744219303,4.983880997,6.010739803,7.771894455,4.983880997,5.901759148,7.743703842,5.022342682,6.005155087,7.771924019,4.892440796,5.896227837,7.743970394,4.983880997,6.034862995]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348015250467,"flow_src_last_pkt_time":1499348015250467,"flow_dst_last_pkt_time":1499348015250467,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348015250467,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_src_last_pkt_time":1499348015250467,"flow_dst_last_pkt_time":1499348015250467,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348015250467,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SaJAAD4GfC6sEAABwKgKMokCAFA1NK9QAAAAAKACchAI\/gAAAgQFtAQCCAoBPObyAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":2,"flow_src_last_pkt_time":1499348015250467,"flow_dst_last_pkt_time":1499348015250592,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348015250592,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiQJJKiEWNTSvUaAScSDjTwAAAgQFtAQCCAoD5rhmATzm8gEDAwc="}
@@ -3558,13 +3558,13 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_src_last_pkt_time":1499348019059002,"flow_dst_last_pkt_time":1499348019059002,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348019059002,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bDdAAD4GWZmsEAABwKgKMokqAFBENIadAAAAAKACchAe0QAAAgQFtAQCCAoBPOqqAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":2,"flow_src_last_pkt_time":1499348019059002,"flow_dst_last_pkt_time":1499348019059168,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348019059168,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiSoKVvNnRDSGnqAScSBh7QAAAgQFtAQCCAoD5rweATzqqgEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":3,"flow_src_last_pkt_time":1499348019059893,"flow_dst_last_pkt_time":1499348019059168,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348019059893,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bDhAAD4GWaCsEAABwKgKMokqAFBENIaeClbzaIAQAOUA9QAAAQEICgE86qoD5rwe"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347886296186,"flow_src_last_pkt_time":1499347891872351,"flow_dst_last_pkt_time":1499347891871600,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348019064684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347886296186,"flow_src_last_pkt_time":1499347891872351,"flow_dst_last_pkt_time":1499347891871600,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348019064684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347886296186,"flow_src_last_pkt_time":1499347891872351,"flow_dst_last_pkt_time":1499347891871600,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348019064684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347887572167,"flow_src_last_pkt_time":1499347892872770,"flow_dst_last_pkt_time":1499347892872035,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348019064684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347887572167,"flow_src_last_pkt_time":1499347892872770,"flow_dst_last_pkt_time":1499347892872035,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348019064684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347887572167,"flow_src_last_pkt_time":1499347892872770,"flow_dst_last_pkt_time":1499347892872035,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348019064684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347890192783,"flow_src_last_pkt_time":1499347895873971,"flow_dst_last_pkt_time":1499347895873223,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348019064684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347890192783,"flow_src_last_pkt_time":1499347895873971,"flow_dst_last_pkt_time":1499347895873223,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348019064684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347890192783,"flow_src_last_pkt_time":1499347895873971,"flow_dst_last_pkt_time":1499347895873223,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348019064684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347891536525,"flow_src_last_pkt_time":1499347896874836,"flow_dst_last_pkt_time":1499347896874095,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348019064684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347891536525,"flow_src_last_pkt_time":1499347896874836,"flow_dst_last_pkt_time":1499347896874095,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348019064684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347891536525,"flow_src_last_pkt_time":1499347896874836,"flow_dst_last_pkt_time":1499347896874095,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348019064684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348020357295,"flow_src_last_pkt_time":1499348020357295,"flow_dst_last_pkt_time":1499348020357295,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348020357295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_src_last_pkt_time":1499348020357295,"flow_dst_last_pkt_time":1499348020357295,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348020357295,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MF5AAD4GlXKsEAABwKgKMok4AFAr8NuwAAAAAKACchDgrwAAAgQFtAQCCAoBPOvuAAAAAAEDAwc="}
@@ -3590,19 +3590,19 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8799,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_src_last_pkt_time":1499348029395102,"flow_dst_last_pkt_time":1499348029395102,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348029395102,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DoBAAD4Gt1CsEAABwKgKMomWAFBGnvpCAAAAAKACchCePQAAAgQFtAQCCAoBPPTCAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":2,"flow_src_last_pkt_time":1499348029395102,"flow_dst_last_pkt_time":1499348029395197,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348029395197,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiZaKxK9BRp76Q6AScSCa+QAAAgQFtAQCCAoD5sY2ATz0wgEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":3,"flow_src_last_pkt_time":1499348029395961,"flow_dst_last_pkt_time":1499348029395197,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348029395961,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DoFAAD4Gt1esEAABwKgKMomWAFBGnvpDisSvQoAQAOU6AQAAAQEICgE89MID5sY2"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347894093782,"flow_src_last_pkt_time":1499347899875549,"flow_dst_last_pkt_time":1499347899874771,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347894093782,"flow_src_last_pkt_time":1499347899875549,"flow_dst_last_pkt_time":1499347899874771,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347894093782,"flow_src_last_pkt_time":1499347899875549,"flow_dst_last_pkt_time":1499347899874771,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347895396921,"flow_src_last_pkt_time":1499347900875540,"flow_dst_last_pkt_time":1499347900874811,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347895396921,"flow_src_last_pkt_time":1499347900875540,"flow_dst_last_pkt_time":1499347900874811,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347895396921,"flow_src_last_pkt_time":1499347900875540,"flow_dst_last_pkt_time":1499347900874811,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347896716455,"flow_src_last_pkt_time":1499347901875503,"flow_dst_last_pkt_time":1499347901874772,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347896716455,"flow_src_last_pkt_time":1499347901875503,"flow_dst_last_pkt_time":1499347901874772,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347896716455,"flow_src_last_pkt_time":1499347901875503,"flow_dst_last_pkt_time":1499347901874772,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347899275861,"flow_src_last_pkt_time":1499347904876392,"flow_dst_last_pkt_time":1499347904875616,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347899275861,"flow_src_last_pkt_time":1499347904876392,"flow_dst_last_pkt_time":1499347904875616,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347899275861,"flow_src_last_pkt_time":1499347904876392,"flow_dst_last_pkt_time":1499347904875616,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347900544043,"flow_src_last_pkt_time":1499347905875776,"flow_dst_last_pkt_time":1499347905875233,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347900544043,"flow_src_last_pkt_time":1499347905875776,"flow_dst_last_pkt_time":1499347905875233,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347900544043,"flow_src_last_pkt_time":1499347905875776,"flow_dst_last_pkt_time":1499347905875233,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347903125153,"flow_src_last_pkt_time":1499347908876814,"flow_dst_last_pkt_time":1499347908876129,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347903125153,"flow_src_last_pkt_time":1499347908876814,"flow_dst_last_pkt_time":1499347908876129,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347903125153,"flow_src_last_pkt_time":1499347908876814,"flow_dst_last_pkt_time":1499347908876129,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347904387079,"flow_src_last_pkt_time":1499347909877741,"flow_dst_last_pkt_time":1499347909877168,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347904387079,"flow_src_last_pkt_time":1499347909877741,"flow_dst_last_pkt_time":1499347909877168,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347904387079,"flow_src_last_pkt_time":1499347909877741,"flow_dst_last_pkt_time":1499347909877168,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348029909195,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348030687033,"flow_src_last_pkt_time":1499348030687033,"flow_dst_last_pkt_time":1499348030687033,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348030687033,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_src_last_pkt_time":1499348030687033,"flow_dst_last_pkt_time":1499348030687033,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348030687033,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gAJAAD4GRc6sEAABwKgKMomkAFDF6nYHAAAAAKACchCh2wAAAgQFtAQCCAoBPPYFAAAAAAEDAwc="}
@@ -3624,17 +3624,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_src_last_pkt_time":1499348038438178,"flow_dst_last_pkt_time":1499348038438178,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348038438178,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j\/dAAD4GNdmsEAABwKgKMon0AFAYNXJgAAAAAKACchBLVgAAAgQFtAQCCAoBPP2XAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":2,"flow_src_last_pkt_time":1499348038438178,"flow_dst_last_pkt_time":1499348038438283,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348038438283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQifSSwJxVGDVyYaAScSBKLgAAAgQFtAQCCAoD5s8KATz9lwEDAwc="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":3,"flow_src_last_pkt_time":1499348038438896,"flow_dst_last_pkt_time":1499348038438283,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348038438896,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/hAAD4GNeCsEAABwKgKMon0AFAYNXJhksCcVoAQAOXpNQAAAQEICgE8\/ZcD5s8K"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347905694349,"flow_src_last_pkt_time":1499347910877920,"flow_dst_last_pkt_time":1499347910877186,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347905694349,"flow_src_last_pkt_time":1499347910877920,"flow_dst_last_pkt_time":1499347910877186,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347905694349,"flow_src_last_pkt_time":1499347910877920,"flow_dst_last_pkt_time":1499347910877186,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347908253421,"flow_src_last_pkt_time":1499347913877603,"flow_dst_last_pkt_time":1499347913877052,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347908253421,"flow_src_last_pkt_time":1499347913877603,"flow_dst_last_pkt_time":1499347913877052,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347908253421,"flow_src_last_pkt_time":1499347913877603,"flow_dst_last_pkt_time":1499347913877052,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347909575256,"flow_src_last_pkt_time":1499347914878015,"flow_dst_last_pkt_time":1499347914877285,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347909575256,"flow_src_last_pkt_time":1499347914878015,"flow_dst_last_pkt_time":1499347914877285,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347909575256,"flow_src_last_pkt_time":1499347914878015,"flow_dst_last_pkt_time":1499347914877285,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347912141438,"flow_src_last_pkt_time":1499347917877513,"flow_dst_last_pkt_time":1499347917876994,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347912141438,"flow_src_last_pkt_time":1499347917877513,"flow_dst_last_pkt_time":1499347917876994,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347912141438,"flow_src_last_pkt_time":1499347917877513,"flow_dst_last_pkt_time":1499347917876994,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347913416547,"flow_src_last_pkt_time":1499347918877775,"flow_dst_last_pkt_time":1499347918877194,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347913416547,"flow_src_last_pkt_time":1499347918877775,"flow_dst_last_pkt_time":1499347918877194,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347913416547,"flow_src_last_pkt_time":1499347918877775,"flow_dst_last_pkt_time":1499347918877194,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347914710811,"flow_src_last_pkt_time":1499347919878311,"flow_dst_last_pkt_time":1499347919877784,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347914710811,"flow_src_last_pkt_time":1499347919878311,"flow_dst_last_pkt_time":1499347919877784,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347914710811,"flow_src_last_pkt_time":1499347919878311,"flow_dst_last_pkt_time":1499347919877784,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348039911983,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348041088026,"flow_src_last_pkt_time":1499348041088026,"flow_dst_last_pkt_time":1499348041088026,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348041088026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_src_last_pkt_time":1499348041088026,"flow_dst_last_pkt_time":1499348041088026,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348041088026,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8l85AAD4GLgKsEAABwKgKMooOAFBaWpfjAAAAAKACchDg\/QAAAgQFtAQCCAoBPQAtAAAAAAEDAwc="}
@@ -3660,15 +3660,15 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8966,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_src_last_pkt_time":1499348050079474,"flow_dst_last_pkt_time":1499348050079474,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348050079474,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Gn1AAD4Gq1OsEAABwKgKMopsAFCVUBKIAAAAAKACchAiPQAAAgQFtAQCCAoBPQj1AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":2,"flow_src_last_pkt_time":1499348050079474,"flow_dst_last_pkt_time":1499348050079605,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348050079605,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQimww3+sulVASiaAScSAovgAAAgQFtAQCCAoD5tppAT0I9QEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":3,"flow_src_last_pkt_time":1499348050080353,"flow_dst_last_pkt_time":1499348050079605,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348050080353,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gn5AAD4Gq1qsEAABwKgKMopsAFCVUBKJMN\/rL4AQAOXHxQAAAQEICgE9CPUD5tpp"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347917322932,"flow_src_last_pkt_time":1499347922879602,"flow_dst_last_pkt_time":1499347922878852,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347917322932,"flow_src_last_pkt_time":1499347922879602,"flow_dst_last_pkt_time":1499347922878852,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347917322932,"flow_src_last_pkt_time":1499347922879602,"flow_dst_last_pkt_time":1499347922878852,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347918608238,"flow_src_last_pkt_time":1499347923879216,"flow_dst_last_pkt_time":1499347923878671,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347918608238,"flow_src_last_pkt_time":1499347923879216,"flow_dst_last_pkt_time":1499347923878671,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347918608238,"flow_src_last_pkt_time":1499347923879216,"flow_dst_last_pkt_time":1499347923878671,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347921170850,"flow_src_last_pkt_time":1499347926880040,"flow_dst_last_pkt_time":1499347926879478,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347921170850,"flow_src_last_pkt_time":1499347926880040,"flow_dst_last_pkt_time":1499347926879478,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347921170850,"flow_src_last_pkt_time":1499347926880040,"flow_dst_last_pkt_time":1499347926879478,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347922471645,"flow_src_last_pkt_time":1499347927880011,"flow_dst_last_pkt_time":1499347927879419,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347922471645,"flow_src_last_pkt_time":1499347927880011,"flow_dst_last_pkt_time":1499347927879419,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347922471645,"flow_src_last_pkt_time":1499347927880011,"flow_dst_last_pkt_time":1499347927879419,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347923737050,"flow_src_last_pkt_time":1499347928880078,"flow_dst_last_pkt_time":1499347928879514,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347923737050,"flow_src_last_pkt_time":1499347928880078,"flow_dst_last_pkt_time":1499347928879514,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347923737050,"flow_src_last_pkt_time":1499347928880078,"flow_dst_last_pkt_time":1499347928879514,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348050084443,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348051362157,"flow_src_last_pkt_time":1499348051362157,"flow_dst_last_pkt_time":1499348051362157,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348051362157,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_src_last_pkt_time":1499348051362157,"flow_dst_last_pkt_time":1499348051362157,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348051362157,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ntRAAD4GJvysEAABwKgKMop6AFCG4ZTiAAAAAKACchCtAgAAAgQFtAQCCAoBPQo2AAAAAAEDAwc="}
@@ -3698,17 +3698,17 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9050,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_src_last_pkt_time":1499348060393569,"flow_dst_last_pkt_time":1499348060393569,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348060393569,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80ItAAD4G9USsEAABwKgKMoraAFD\/pcOMAAAAAKACchD8YgAAAgQFtAQCCAoBPRMHAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9051,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":2,"flow_src_last_pkt_time":1499348060393569,"flow_dst_last_pkt_time":1499348060393691,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348060393691,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQitr3giqS\/6XDjaAScSDyygAAAgQFtAQCCAoD5uR7AT0TBwEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":3,"flow_src_last_pkt_time":1499348060394271,"flow_dst_last_pkt_time":1499348060393691,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348060394271,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00IxAAD4G9UusEAABwKgKMoraAFD\/pcON94Iqk4AQAOWR0QAAAQEICgE9EwgD5uR7"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347926328507,"flow_src_last_pkt_time":1499347931880458,"flow_dst_last_pkt_time":1499347931879779,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347926328507,"flow_src_last_pkt_time":1499347931880458,"flow_dst_last_pkt_time":1499347931879779,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347926328507,"flow_src_last_pkt_time":1499347931880458,"flow_dst_last_pkt_time":1499347931879779,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347927657910,"flow_src_last_pkt_time":1499347932881071,"flow_dst_last_pkt_time":1499347932880313,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347927657910,"flow_src_last_pkt_time":1499347932881071,"flow_dst_last_pkt_time":1499347932880313,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347927657910,"flow_src_last_pkt_time":1499347932881071,"flow_dst_last_pkt_time":1499347932880313,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347930265843,"flow_src_last_pkt_time":1499347935880775,"flow_dst_last_pkt_time":1499347935880040,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347930265843,"flow_src_last_pkt_time":1499347935880775,"flow_dst_last_pkt_time":1499347935880040,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347930265843,"flow_src_last_pkt_time":1499347935880775,"flow_dst_last_pkt_time":1499347935880040,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347931529902,"flow_src_last_pkt_time":1499347936881389,"flow_dst_last_pkt_time":1499347936880812,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347931529902,"flow_src_last_pkt_time":1499347936881389,"flow_dst_last_pkt_time":1499347936880812,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347931529902,"flow_src_last_pkt_time":1499347936881389,"flow_dst_last_pkt_time":1499347936880812,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347934152021,"flow_src_last_pkt_time":1499347939882770,"flow_dst_last_pkt_time":1499347939881995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347934152021,"flow_src_last_pkt_time":1499347939882770,"flow_dst_last_pkt_time":1499347939881995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347934152021,"flow_src_last_pkt_time":1499347939882770,"flow_dst_last_pkt_time":1499347939881995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347935445034,"flow_src_last_pkt_time":1499347940883564,"flow_dst_last_pkt_time":1499347940882793,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347935445034,"flow_src_last_pkt_time":1499347940883564,"flow_dst_last_pkt_time":1499347940882793,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347935445034,"flow_src_last_pkt_time":1499347940883564,"flow_dst_last_pkt_time":1499347940882793,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348060913929,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348061684202,"flow_src_last_pkt_time":1499348061684202,"flow_dst_last_pkt_time":1499348061684202,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348061684202,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_src_last_pkt_time":1499348061684202,"flow_dst_last_pkt_time":1499348061684202,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348061684202,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8R+ZAAD4GfeqsEAABwKgKMoroAFA+FlOsAAAAAKACchAsggAAAgQFtAQCCAoBPRRKAAAAAAEDAwc="}
@@ -3734,22 +3734,22 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_src_last_pkt_time":1499348070791453,"flow_dst_last_pkt_time":1499348070791453,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348070791453,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jQtAAD4GOMWsEAABwKgKMotGAFAklpAkAAAAAKACchAARwAAAgQFtAQCCAoBPR0vAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":2,"flow_src_last_pkt_time":1499348070791453,"flow_dst_last_pkt_time":1499348070791613,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348070791613,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi0aOH7cfJJaQJaAScSDJXAAAAgQFtAQCCAoD5u6jAT0dLwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":3,"flow_src_last_pkt_time":1499348070792328,"flow_dst_last_pkt_time":1499348070791613,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348070792328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jQxAAD4GOMysEAABwKgKMotGAFAklpAljh+3IIAQAOVoZAAAAQEICgE9HS8D5u6j"}
-01041{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":110,"flow_first_seen":1499347872187685,"flow_src_last_pkt_time":1499347941610453,"flow_dst_last_pkt_time":1499347941610501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183586,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347936727621,"flow_src_last_pkt_time":1499347941876627,"flow_dst_last_pkt_time":1499347941876112,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01195{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":110,"flow_first_seen":1499347872187685,"flow_src_last_pkt_time":1499347941610453,"flow_dst_last_pkt_time":1499347941610501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183586,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347936727621,"flow_src_last_pkt_time":1499347941876627,"flow_dst_last_pkt_time":1499347941876112,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347936727621,"flow_src_last_pkt_time":1499347941876627,"flow_dst_last_pkt_time":1499347941876112,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347940593756,"flow_src_last_pkt_time":1499347945883742,"flow_dst_last_pkt_time":1499347945883166,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347940593756,"flow_src_last_pkt_time":1499347945883742,"flow_dst_last_pkt_time":1499347945883166,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347940593756,"flow_src_last_pkt_time":1499347945883742,"flow_dst_last_pkt_time":1499347945883166,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347943146476,"flow_src_last_pkt_time":1499347948885366,"flow_dst_last_pkt_time":1499347948884596,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347943146476,"flow_src_last_pkt_time":1499347948885366,"flow_dst_last_pkt_time":1499347948884596,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347943146476,"flow_src_last_pkt_time":1499347948885366,"flow_dst_last_pkt_time":1499347948884596,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347944440148,"flow_src_last_pkt_time":1499347949885726,"flow_dst_last_pkt_time":1499347949885173,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347944440148,"flow_src_last_pkt_time":1499347949885726,"flow_dst_last_pkt_time":1499347949885173,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347944440148,"flow_src_last_pkt_time":1499347949885726,"flow_dst_last_pkt_time":1499347949885173,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347945720318,"flow_src_last_pkt_time":1499347950886298,"flow_dst_last_pkt_time":1499347950885752,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347945720318,"flow_src_last_pkt_time":1499347950886298,"flow_dst_last_pkt_time":1499347950885752,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347945720318,"flow_src_last_pkt_time":1499347950886298,"flow_dst_last_pkt_time":1499347950885752,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348070917210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348072088629,"flow_src_last_pkt_time":1499348072088629,"flow_dst_last_pkt_time":1499348072088629,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348072088629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_src_last_pkt_time":1499348072088629,"flow_dst_last_pkt_time":1499348072088629,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348072088629,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DYZAAD4GuEqsEAABwKgKMotUAFAOsRP1AAAAAKACchCRCQAAAgQFtAQCCAoBPR5zAAAAAAEDAwc="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":2,"flow_src_last_pkt_time":1499348072088629,"flow_dst_last_pkt_time":1499348072088754,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348072088754,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi1Q00\/Q8DrET9qAScSB1CgAAAgQFtAQCCAoD5u\/nAT0ecwEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":3,"flow_src_last_pkt_time":1499348072089529,"flow_dst_last_pkt_time":1499348072088754,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348072089529,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DYdAAD4GuFGsEAABwKgKMotUAFAOsRP2NNP0PYAQAOUUEgAAAQEICgE9HnMD5u\/n"}
-01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9155,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348068136241,"flow_src_last_pkt_time":1499348072090135,"flow_dst_last_pkt_time":1499348068136365,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348072090135,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
+01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9155,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348068136241,"flow_src_last_pkt_time":1499348072090135,"flow_dst_last_pkt_time":1499348068136365,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348072090135,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68","http": {"url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0","detected_os":"Linux x86_64"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348073365184,"flow_src_last_pkt_time":1499348073365184,"flow_dst_last_pkt_time":1499348073365184,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348073365184,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_src_last_pkt_time":1499348073365184,"flow_dst_last_pkt_time":1499348073365184,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348073365184,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Pg1AAD4Gh8OsEAABwKgKMotiAFCjeCG\/AAAAAKACchDtKgAAAgQFtAQCCAoBPR+yAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9163,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":2,"flow_src_last_pkt_time":1499348073365184,"flow_dst_last_pkt_time":1499348073365350,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348073365350,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi2IT1M33o3ghwKAScSAXMQAAAgQFtAQCCAoD5vEmAT0fsgEDAwc="}
@@ -3762,7 +3762,7 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_src_last_pkt_time":1499348077218866,"flow_dst_last_pkt_time":1499348077218866,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348077218866,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80HtAAD4G9VSsEAABwKgKMouKAFBc0\/MNAAAAAKACchBelQAAAgQFtAQCCAoBPSN2AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9193,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":2,"flow_src_last_pkt_time":1499348077218866,"flow_dst_last_pkt_time":1499348077218968,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348077218968,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi4oOSV5eXNPzDqAScSD5+wAAAgQFtAQCCAoD5vTqAT0jdgEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":3,"flow_src_last_pkt_time":1499348077219749,"flow_dst_last_pkt_time":1499348077218968,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348077219749,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00HxAAD4G9VusEAABwKgKMouKAFBc0\/MODkleX4AQAOWZAwAAAQEICgE9I3YD5vTq"}
-02389{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":9201,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499348068136241,"flow_src_last_pkt_time":1499348078263151,"flow_dst_last_pkt_time":1499348077222575,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16415,"midstream":0,"thread_ts_usec":1499348078263151,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":124,"avg":619782.1,"max":3953842,"stddev":972474.7,"var":945707024384.0,"ent":3.7,"data": [124,706,3953188,3953842,3024,3763,1020630,1024309,3710,248238,252345,4156,1041683,1045979,4295,255096,258771,3649,1007135,1010804,3655,252666,256217,3575,1010481,1014239,3761,262869,266680,3784,1039870]},"pktlen": {"min":52,"avg":716.7,"max":1920,"stddev":755.5,"var":570797.2,"ent":4.2,"data": [60,60,52,637,52,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.605007172,5.106241703,4.969672203,6.010980606,4.854287148,7.776665688,4.983880997,5.869518280,7.738469601,5.022342682,6.005230904,7.777610302,5.022342682,5.854826927,7.740310192,5.022342682,6.000309944,7.769937992,5.022342682,5.859811783,7.741565704,4.983880997,6.018991470,7.775127888,4.983880997,5.899751663,7.740706921,4.945419312,6.032977104,7.768198013,4.945419312,5.894873619]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02543{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":9201,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1499348068136241,"flow_src_last_pkt_time":1499348078263151,"flow_dst_last_pkt_time":1499348077222575,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1868,"flow_src_tot_l4_payload_len":4840,"flow_dst_tot_l4_payload_len":16415,"midstream":0,"thread_ts_usec":1499348078263151,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":124,"avg":619782.1,"max":3953842,"stddev":972474.7,"var":945707024384.0,"ent":3.7,"data": [124,706,3953188,3953842,3024,3763,1020630,1024309,3710,248238,252345,4156,1041683,1045979,4295,255096,258771,3649,1007135,1010804,3655,252666,256217,3575,1010481,1014239,3761,262869,266680,3784,1039870]},"pktlen": {"min":52,"avg":716.7,"max":1920,"stddev":755.5,"var":570797.2,"ent":4.2,"data": [60,60,52,637,52,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.605007172,5.106241703,4.969672203,6.010980606,4.854287148,7.776665688,4.983880997,5.869518280,7.738469601,5.022342682,6.005230904,7.777610302,5.022342682,5.854826927,7.740310192,5.022342682,6.000309944,7.769937992,5.022342682,5.859811783,7.741565704,4.983880997,6.018991470,7.775127888,4.983880997,5.899751663,7.740706921,4.945419312,6.032977104,7.768198013,4.945419312,5.894873619]},"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348078531918,"flow_src_last_pkt_time":1499348078531918,"flow_dst_last_pkt_time":1499348078531918,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348078531918,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_src_last_pkt_time":1499348078531918,"flow_dst_last_pkt_time":1499348078531918,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348078531918,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86yNAAD4G2qysEAABwKgKMouYAFAizM+dAAAAAKACchC6tgAAAgQFtAQCCAoBPSS+AAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9205,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":2,"flow_src_last_pkt_time":1499348078531918,"flow_dst_last_pkt_time":1499348078532057,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348078532057,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi5glYndPIszPnqAScSAkywAAAgQFtAQCCAoD5vYyAT0kvgEDAwc="}
@@ -3771,15 +3771,15 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_src_last_pkt_time":1499348081113543,"flow_dst_last_pkt_time":1499348081113543,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348081113543,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8P1ZAAD4GhnqsEAABwKgKMouyAFAGWhgVAAAAAKACchCMEgAAAgQFtAQCCAoBPSdDAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9226,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":2,"flow_src_last_pkt_time":1499348081113543,"flow_dst_last_pkt_time":1499348081113640,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348081113640,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi7IGSc2TBloYFqAScSC8dgAAAgQFtAQCCAoD5vi3AT0nQwEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9227,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":3,"flow_src_last_pkt_time":1499348081114423,"flow_dst_last_pkt_time":1499348081113640,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348081114423,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P1dAAD4GhoGsEAABwKgKMouyAFAGWhgWBknNlIAQAOVbfQAAAQEICgE9J0QD5vi3"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347948293377,"flow_src_last_pkt_time":1499347953886613,"flow_dst_last_pkt_time":1499347953885886,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347948293377,"flow_src_last_pkt_time":1499347953886613,"flow_dst_last_pkt_time":1499347953885886,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347948293377,"flow_src_last_pkt_time":1499347953886613,"flow_dst_last_pkt_time":1499347953885886,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347949587000,"flow_src_last_pkt_time":1499347954886192,"flow_dst_last_pkt_time":1499347954885640,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347949587000,"flow_src_last_pkt_time":1499347954886192,"flow_dst_last_pkt_time":1499347954885640,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347949587000,"flow_src_last_pkt_time":1499347954886192,"flow_dst_last_pkt_time":1499347954885640,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347952161752,"flow_src_last_pkt_time":1499347957887123,"flow_dst_last_pkt_time":1499347957886376,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347952161752,"flow_src_last_pkt_time":1499347957887123,"flow_dst_last_pkt_time":1499347957886376,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347952161752,"flow_src_last_pkt_time":1499347957887123,"flow_dst_last_pkt_time":1499347957886376,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347953439364,"flow_src_last_pkt_time":1499347958887127,"flow_dst_last_pkt_time":1499347958886419,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347953439364,"flow_src_last_pkt_time":1499347958887127,"flow_dst_last_pkt_time":1499347958886419,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347953439364,"flow_src_last_pkt_time":1499347958887127,"flow_dst_last_pkt_time":1499347958886419,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347954738523,"flow_src_last_pkt_time":1499347959887617,"flow_dst_last_pkt_time":1499347959886838,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347954738523,"flow_src_last_pkt_time":1499347959887617,"flow_dst_last_pkt_time":1499347959886838,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347954738523,"flow_src_last_pkt_time":1499347959887617,"flow_dst_last_pkt_time":1499347959886838,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348081118326,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348082422606,"flow_src_last_pkt_time":1499348082422606,"flow_dst_last_pkt_time":1499348082422606,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348082422606,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_src_last_pkt_time":1499348082422606,"flow_dst_last_pkt_time":1499348082422606,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348082422606,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EzVAAD4GspusEAABwKgKMovAAFDEhDu+AAAAAKACchCo6AAAAgQFtAQCCAoBPSiLAAAAAAEDAwc="}
@@ -3805,19 +3805,19 @@
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9306,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_src_last_pkt_time":1499348091413325,"flow_dst_last_pkt_time":1499348091413325,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348091413325,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nrdAAD4GJxmsEAABwKgKMoweAFAj3q\/lAAAAAKACchDMQQAAAgQFtAQCCAoBPTFTAAAAAAEDAwc="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":2,"flow_src_last_pkt_time":1499348091413325,"flow_dst_last_pkt_time":1499348091413450,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348091413450,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjB4dm6koI96v5qAScSD\/rwAAAgQFtAQCCAoD5wLGAT0xUwEDAwc="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":3,"flow_src_last_pkt_time":1499348091414216,"flow_dst_last_pkt_time":1499348091413450,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348091414216,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nrhAAD4GJyCsEAABwKgKMoweAFAj3q\/mHZupKYAQAOWetwAAAQEICgE9MVMD5wLG"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347957282969,"flow_src_last_pkt_time":1499347962887364,"flow_dst_last_pkt_time":1499347962886844,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347957282969,"flow_src_last_pkt_time":1499347962887364,"flow_dst_last_pkt_time":1499347962886844,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347957282969,"flow_src_last_pkt_time":1499347962887364,"flow_dst_last_pkt_time":1499347962886844,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347958588448,"flow_src_last_pkt_time":1499347963888736,"flow_dst_last_pkt_time":1499347963887976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347958588448,"flow_src_last_pkt_time":1499347963888736,"flow_dst_last_pkt_time":1499347963887976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347958588448,"flow_src_last_pkt_time":1499347963888736,"flow_dst_last_pkt_time":1499347963887976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347961167399,"flow_src_last_pkt_time":1499347966888192,"flow_dst_last_pkt_time":1499347966887645,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347961167399,"flow_src_last_pkt_time":1499347966888192,"flow_dst_last_pkt_time":1499347966887645,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347961167399,"flow_src_last_pkt_time":1499347966888192,"flow_dst_last_pkt_time":1499347966887645,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347962480121,"flow_src_last_pkt_time":1499347967888208,"flow_dst_last_pkt_time":1499347967887666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347962480121,"flow_src_last_pkt_time":1499347967888208,"flow_dst_last_pkt_time":1499347967887666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347962480121,"flow_src_last_pkt_time":1499347967888208,"flow_dst_last_pkt_time":1499347967887666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347963774226,"flow_src_last_pkt_time":1499347968888594,"flow_dst_last_pkt_time":1499347968888056,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347963774226,"flow_src_last_pkt_time":1499347968888594,"flow_dst_last_pkt_time":1499347968888056,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347963774226,"flow_src_last_pkt_time":1499347968888594,"flow_dst_last_pkt_time":1499347968888056,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347965133778,"flow_src_last_pkt_time":1499347970889948,"flow_dst_last_pkt_time":1499347970889201,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347965133778,"flow_src_last_pkt_time":1499347970889948,"flow_dst_last_pkt_time":1499347970889201,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347965133778,"flow_src_last_pkt_time":1499347970889948,"flow_dst_last_pkt_time":1499347970889201,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347966420243,"flow_src_last_pkt_time":1499347971889972,"flow_dst_last_pkt_time":1499347971889233,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347966420243,"flow_src_last_pkt_time":1499347971889972,"flow_dst_last_pkt_time":1499347971889233,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347966420243,"flow_src_last_pkt_time":1499347971889972,"flow_dst_last_pkt_time":1499347971889233,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348091923741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348092675432,"flow_src_last_pkt_time":1499348092675432,"flow_dst_last_pkt_time":1499348092675432,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348092675432,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_src_last_pkt_time":1499348092675432,"flow_dst_last_pkt_time":1499348092675432,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348092675432,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WzpAAD4GapasEAABwKgKMowsAFACaGm0AAAAAKACchAyoAAAAgQFtAQCCAoBPTKOAAAAAAEDAwc="}
@@ -3835,157 +3835,157 @@
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_src_last_pkt_time":1499348099359601,"flow_dst_last_pkt_time":1499348099359601,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348099359601,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tSBAAD4GELCsEAABwKgKMoxuAFCNr4w1AAAAAKACchB+DgAAAgQFtAQCCAoBPTkVAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":2,"flow_src_last_pkt_time":1499348099359601,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348099359726,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjG7WE+F5ja+MNqAScSC47wAAAgQFtAQCCAoD5wqJAT05FQEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9371,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":3,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348099360303,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tSFAAD4GELesEAABwKgKMoxuAFCNr4w21hPheoAQAOVX9wAAAQEICgE9ORUD5wqJ"}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347967724898,"flow_src_last_pkt_time":1499347972889665,"flow_dst_last_pkt_time":1499347972889121,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347967724898,"flow_src_last_pkt_time":1499347972889665,"flow_dst_last_pkt_time":1499347972889121,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347967724898,"flow_src_last_pkt_time":1499347972889665,"flow_dst_last_pkt_time":1499347972889121,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347970267013,"flow_src_last_pkt_time":1499347975890795,"flow_dst_last_pkt_time":1499347975890284,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347970267013,"flow_src_last_pkt_time":1499347975890795,"flow_dst_last_pkt_time":1499347975890284,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347970267013,"flow_src_last_pkt_time":1499347975890795,"flow_dst_last_pkt_time":1499347975890284,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347971560777,"flow_src_last_pkt_time":1499347976891089,"flow_dst_last_pkt_time":1499347976890310,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347971560777,"flow_src_last_pkt_time":1499347976891089,"flow_dst_last_pkt_time":1499347976890310,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347971560777,"flow_src_last_pkt_time":1499347976891089,"flow_dst_last_pkt_time":1499347976890310,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347974113075,"flow_src_last_pkt_time":1499347979891846,"flow_dst_last_pkt_time":1499347979891129,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347974113075,"flow_src_last_pkt_time":1499347979891846,"flow_dst_last_pkt_time":1499347979891129,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347974113075,"flow_src_last_pkt_time":1499347979891846,"flow_dst_last_pkt_time":1499347979891129,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347975371747,"flow_src_last_pkt_time":1499347980892351,"flow_dst_last_pkt_time":1499347980891608,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347975371747,"flow_src_last_pkt_time":1499347980892351,"flow_dst_last_pkt_time":1499347980891608,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347975371747,"flow_src_last_pkt_time":1499347980892351,"flow_dst_last_pkt_time":1499347980891608,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347976658358,"flow_src_last_pkt_time":1499347981892714,"flow_dst_last_pkt_time":1499347981892005,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347976658358,"flow_src_last_pkt_time":1499347981892714,"flow_dst_last_pkt_time":1499347981892005,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347976658358,"flow_src_last_pkt_time":1499347981892714,"flow_dst_last_pkt_time":1499347981892005,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347979251367,"flow_src_last_pkt_time":1499347984894022,"flow_dst_last_pkt_time":1499347984893285,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347979251367,"flow_src_last_pkt_time":1499347984894022,"flow_dst_last_pkt_time":1499347984893285,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347979251367,"flow_src_last_pkt_time":1499347984894022,"flow_dst_last_pkt_time":1499347984893285,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347980524401,"flow_src_last_pkt_time":1499347985894289,"flow_dst_last_pkt_time":1499347985893551,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347980524401,"flow_src_last_pkt_time":1499347985894289,"flow_dst_last_pkt_time":1499347985893551,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347980524401,"flow_src_last_pkt_time":1499347985894289,"flow_dst_last_pkt_time":1499347985893551,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347981782559,"flow_src_last_pkt_time":1499347986894123,"flow_dst_last_pkt_time":1499347986893391,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347981782559,"flow_src_last_pkt_time":1499347986894123,"flow_dst_last_pkt_time":1499347986893391,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347981782559,"flow_src_last_pkt_time":1499347986894123,"flow_dst_last_pkt_time":1499347986893391,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347983061482,"flow_src_last_pkt_time":1499347988894686,"flow_dst_last_pkt_time":1499347988894041,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347983061482,"flow_src_last_pkt_time":1499347988894686,"flow_dst_last_pkt_time":1499347988894041,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347983061482,"flow_src_last_pkt_time":1499347988894686,"flow_dst_last_pkt_time":1499347988894041,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347984370525,"flow_src_last_pkt_time":1499347989894984,"flow_dst_last_pkt_time":1499347989894465,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347984370525,"flow_src_last_pkt_time":1499347989894984,"flow_dst_last_pkt_time":1499347989894465,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499347984370525,"flow_src_last_pkt_time":1499347989894984,"flow_dst_last_pkt_time":1499347989894465,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347985686995,"flow_src_last_pkt_time":1499347990895783,"flow_dst_last_pkt_time":1499347990895045,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347985686995,"flow_src_last_pkt_time":1499347990895783,"flow_dst_last_pkt_time":1499347990895045,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347985686995,"flow_src_last_pkt_time":1499347990895783,"flow_dst_last_pkt_time":1499347990895045,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347988233266,"flow_src_last_pkt_time":1499347993896723,"flow_dst_last_pkt_time":1499347993896144,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347988233266,"flow_src_last_pkt_time":1499347993896723,"flow_dst_last_pkt_time":1499347993896144,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347988233266,"flow_src_last_pkt_time":1499347993896723,"flow_dst_last_pkt_time":1499347993896144,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347989526061,"flow_src_last_pkt_time":1499347994896849,"flow_dst_last_pkt_time":1499347994896303,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347989526061,"flow_src_last_pkt_time":1499347994896849,"flow_dst_last_pkt_time":1499347994896303,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347989526061,"flow_src_last_pkt_time":1499347994896849,"flow_dst_last_pkt_time":1499347994896303,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347992139610,"flow_src_last_pkt_time":1499347997898403,"flow_dst_last_pkt_time":1499347997897741,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347992139610,"flow_src_last_pkt_time":1499347997898403,"flow_dst_last_pkt_time":1499347997897741,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347992139610,"flow_src_last_pkt_time":1499347997898403,"flow_dst_last_pkt_time":1499347997897741,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347993411391,"flow_src_last_pkt_time":1499347998898446,"flow_dst_last_pkt_time":1499347998897684,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347993411391,"flow_src_last_pkt_time":1499347998898446,"flow_dst_last_pkt_time":1499347998897684,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347993411391,"flow_src_last_pkt_time":1499347998898446,"flow_dst_last_pkt_time":1499347998897684,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347994680838,"flow_src_last_pkt_time":1499347999898145,"flow_dst_last_pkt_time":1499347999897605,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347994680838,"flow_src_last_pkt_time":1499347999898145,"flow_dst_last_pkt_time":1499347999897605,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347994680838,"flow_src_last_pkt_time":1499347999898145,"flow_dst_last_pkt_time":1499347999897605,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347997344122,"flow_src_last_pkt_time":1499348002899383,"flow_dst_last_pkt_time":1499348002898601,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347997344122,"flow_src_last_pkt_time":1499348002899383,"flow_dst_last_pkt_time":1499348002898601,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347997344122,"flow_src_last_pkt_time":1499348002899383,"flow_dst_last_pkt_time":1499348002898601,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347998605791,"flow_src_last_pkt_time":1499348003900302,"flow_dst_last_pkt_time":1499348003899571,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347998605791,"flow_src_last_pkt_time":1499348003900302,"flow_dst_last_pkt_time":1499348003899571,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347998605791,"flow_src_last_pkt_time":1499348003900302,"flow_dst_last_pkt_time":1499348003899571,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348001148029,"flow_src_last_pkt_time":1499348006901228,"flow_dst_last_pkt_time":1499348006900522,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348001148029,"flow_src_last_pkt_time":1499348006901228,"flow_dst_last_pkt_time":1499348006900522,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348001148029,"flow_src_last_pkt_time":1499348006901228,"flow_dst_last_pkt_time":1499348006900522,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-01041{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":105,"flow_first_seen":1499348002450018,"flow_src_last_pkt_time":1499348071824512,"flow_dst_last_pkt_time":1499348071824587,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183572,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348003742531,"flow_src_last_pkt_time":1499348008904666,"flow_dst_last_pkt_time":1499348008903906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01195{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":105,"flow_first_seen":1499348002450018,"flow_src_last_pkt_time":1499348071824512,"flow_dst_last_pkt_time":1499348071824587,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183572,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348003742531,"flow_src_last_pkt_time":1499348008904666,"flow_dst_last_pkt_time":1499348008903906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348003742531,"flow_src_last_pkt_time":1499348008904666,"flow_dst_last_pkt_time":1499348008903906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348006334523,"flow_src_last_pkt_time":1499348011904532,"flow_dst_last_pkt_time":1499348011903791,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348006334523,"flow_src_last_pkt_time":1499348011904532,"flow_dst_last_pkt_time":1499348011903791,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348006334523,"flow_src_last_pkt_time":1499348011904532,"flow_dst_last_pkt_time":1499348011903791,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348007599846,"flow_src_last_pkt_time":1499348012904486,"flow_dst_last_pkt_time":1499348012903735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348007599846,"flow_src_last_pkt_time":1499348012904486,"flow_dst_last_pkt_time":1499348012903735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348007599846,"flow_src_last_pkt_time":1499348012904486,"flow_dst_last_pkt_time":1499348012903735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348010145611,"flow_src_last_pkt_time":1499348015905252,"flow_dst_last_pkt_time":1499348015904505,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348010145611,"flow_src_last_pkt_time":1499348015905252,"flow_dst_last_pkt_time":1499348015904505,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348010145611,"flow_src_last_pkt_time":1499348015905252,"flow_dst_last_pkt_time":1499348015904505,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348011433036,"flow_src_last_pkt_time":1499348016905272,"flow_dst_last_pkt_time":1499348016904566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348011433036,"flow_src_last_pkt_time":1499348016905272,"flow_dst_last_pkt_time":1499348016904566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348011433036,"flow_src_last_pkt_time":1499348016905272,"flow_dst_last_pkt_time":1499348016904566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348012728762,"flow_src_last_pkt_time":1499348017905547,"flow_dst_last_pkt_time":1499348017904775,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348012728762,"flow_src_last_pkt_time":1499348017905547,"flow_dst_last_pkt_time":1499348017904775,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348012728762,"flow_src_last_pkt_time":1499348017905547,"flow_dst_last_pkt_time":1499348017904775,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348015250467,"flow_src_last_pkt_time":1499348020905968,"flow_dst_last_pkt_time":1499348020905225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348015250467,"flow_src_last_pkt_time":1499348020905968,"flow_dst_last_pkt_time":1499348020905225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348015250467,"flow_src_last_pkt_time":1499348020905968,"flow_dst_last_pkt_time":1499348020905225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348016526028,"flow_src_last_pkt_time":1499348021905932,"flow_dst_last_pkt_time":1499348021905380,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348016526028,"flow_src_last_pkt_time":1499348021905932,"flow_dst_last_pkt_time":1499348021905380,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348016526028,"flow_src_last_pkt_time":1499348021905932,"flow_dst_last_pkt_time":1499348021905380,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348019059002,"flow_src_last_pkt_time":1499348024906629,"flow_dst_last_pkt_time":1499348024906111,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348019059002,"flow_src_last_pkt_time":1499348024906629,"flow_dst_last_pkt_time":1499348024906111,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348019059002,"flow_src_last_pkt_time":1499348024906629,"flow_dst_last_pkt_time":1499348024906111,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348020357295,"flow_src_last_pkt_time":1499348025907948,"flow_dst_last_pkt_time":1499348025907158,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348020357295,"flow_src_last_pkt_time":1499348025907948,"flow_dst_last_pkt_time":1499348025907158,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348020357295,"flow_src_last_pkt_time":1499348025907948,"flow_dst_last_pkt_time":1499348025907158,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348021660105,"flow_src_last_pkt_time":1499348026908282,"flow_dst_last_pkt_time":1499348026907551,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348021660105,"flow_src_last_pkt_time":1499348026908282,"flow_dst_last_pkt_time":1499348026907551,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348021660105,"flow_src_last_pkt_time":1499348026908282,"flow_dst_last_pkt_time":1499348026907551,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348024206226,"flow_src_last_pkt_time":1499348029909195,"flow_dst_last_pkt_time":1499348029908520,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348024206226,"flow_src_last_pkt_time":1499348029909195,"flow_dst_last_pkt_time":1499348029908520,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348024206226,"flow_src_last_pkt_time":1499348029909195,"flow_dst_last_pkt_time":1499348029908520,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348025497134,"flow_src_last_pkt_time":1499348030909887,"flow_dst_last_pkt_time":1499348030909214,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348025497134,"flow_src_last_pkt_time":1499348030909887,"flow_dst_last_pkt_time":1499348030909214,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348025497134,"flow_src_last_pkt_time":1499348030909887,"flow_dst_last_pkt_time":1499348030909214,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499348028117807,"flow_src_last_pkt_time":1499348033910950,"flow_dst_last_pkt_time":1499348033910486,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499348028117807,"flow_src_last_pkt_time":1499348033910950,"flow_dst_last_pkt_time":1499348033910486,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499348028117807,"flow_src_last_pkt_time":1499348033910950,"flow_dst_last_pkt_time":1499348033910486,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348029395102,"flow_src_last_pkt_time":1499348034910097,"flow_dst_last_pkt_time":1499348034909394,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348029395102,"flow_src_last_pkt_time":1499348034910097,"flow_dst_last_pkt_time":1499348034909394,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348029395102,"flow_src_last_pkt_time":1499348034910097,"flow_dst_last_pkt_time":1499348034909394,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348030687033,"flow_src_last_pkt_time":1499348035910627,"flow_dst_last_pkt_time":1499348035909931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348030687033,"flow_src_last_pkt_time":1499348035910627,"flow_dst_last_pkt_time":1499348035909931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348030687033,"flow_src_last_pkt_time":1499348035910627,"flow_dst_last_pkt_time":1499348035909931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499348033296951,"flow_src_last_pkt_time":1499348038910995,"flow_dst_last_pkt_time":1499348038910414,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499348033296951,"flow_src_last_pkt_time":1499348038910995,"flow_dst_last_pkt_time":1499348038910414,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1499348033296951,"flow_src_last_pkt_time":1499348038910995,"flow_dst_last_pkt_time":1499348038910414,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348034569726,"flow_src_last_pkt_time":1499348039911983,"flow_dst_last_pkt_time":1499348039911241,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348034569726,"flow_src_last_pkt_time":1499348039911983,"flow_dst_last_pkt_time":1499348039911241,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348034569726,"flow_src_last_pkt_time":1499348039911983,"flow_dst_last_pkt_time":1499348039911241,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348037175604,"flow_src_last_pkt_time":1499348042911851,"flow_dst_last_pkt_time":1499348042911131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348037175604,"flow_src_last_pkt_time":1499348042911851,"flow_dst_last_pkt_time":1499348042911131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348037175604,"flow_src_last_pkt_time":1499348042911851,"flow_dst_last_pkt_time":1499348042911131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348038438178,"flow_src_last_pkt_time":1499348043911898,"flow_dst_last_pkt_time":1499348043911131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348038438178,"flow_src_last_pkt_time":1499348043911898,"flow_dst_last_pkt_time":1499348043911131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348038438178,"flow_src_last_pkt_time":1499348043911898,"flow_dst_last_pkt_time":1499348043911131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348041088026,"flow_src_last_pkt_time":1499348046912470,"flow_dst_last_pkt_time":1499348046911725,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348041088026,"flow_src_last_pkt_time":1499348046912470,"flow_dst_last_pkt_time":1499348046911725,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348041088026,"flow_src_last_pkt_time":1499348046912470,"flow_dst_last_pkt_time":1499348046911725,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348042384336,"flow_src_last_pkt_time":1499348047912886,"flow_dst_last_pkt_time":1499348047912139,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348042384336,"flow_src_last_pkt_time":1499348047912886,"flow_dst_last_pkt_time":1499348047912139,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348042384336,"flow_src_last_pkt_time":1499348047912886,"flow_dst_last_pkt_time":1499348047912139,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348043670139,"flow_src_last_pkt_time":1499348048912967,"flow_dst_last_pkt_time":1499348048912253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348043670139,"flow_src_last_pkt_time":1499348048912967,"flow_dst_last_pkt_time":1499348048912253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348043670139,"flow_src_last_pkt_time":1499348048912967,"flow_dst_last_pkt_time":1499348048912253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348046262543,"flow_src_last_pkt_time":1499348051913354,"flow_dst_last_pkt_time":1499348051912643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348046262543,"flow_src_last_pkt_time":1499348051913354,"flow_dst_last_pkt_time":1499348051912643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348046262543,"flow_src_last_pkt_time":1499348051913354,"flow_dst_last_pkt_time":1499348051912643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348047547005,"flow_src_last_pkt_time":1499348052913434,"flow_dst_last_pkt_time":1499348052912693,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348047547005,"flow_src_last_pkt_time":1499348052913434,"flow_dst_last_pkt_time":1499348052912693,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348047547005,"flow_src_last_pkt_time":1499348052913434,"flow_dst_last_pkt_time":1499348052912693,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348050079474,"flow_src_last_pkt_time":1499348055913596,"flow_dst_last_pkt_time":1499348055912812,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348050079474,"flow_src_last_pkt_time":1499348055913596,"flow_dst_last_pkt_time":1499348055912812,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348050079474,"flow_src_last_pkt_time":1499348055913596,"flow_dst_last_pkt_time":1499348055912812,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348051362157,"flow_src_last_pkt_time":1499348056913859,"flow_dst_last_pkt_time":1499348056913088,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348051362157,"flow_src_last_pkt_time":1499348056913859,"flow_dst_last_pkt_time":1499348056913088,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348051362157,"flow_src_last_pkt_time":1499348056913859,"flow_dst_last_pkt_time":1499348056913088,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348052641614,"flow_src_last_pkt_time":1499348057914097,"flow_dst_last_pkt_time":1499348057913385,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348052641614,"flow_src_last_pkt_time":1499348057914097,"flow_dst_last_pkt_time":1499348057913385,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348052641614,"flow_src_last_pkt_time":1499348057914097,"flow_dst_last_pkt_time":1499348057913385,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348055228139,"flow_src_last_pkt_time":1499348060913929,"flow_dst_last_pkt_time":1499348060913189,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348055228139,"flow_src_last_pkt_time":1499348060913929,"flow_dst_last_pkt_time":1499348060913189,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348055228139,"flow_src_last_pkt_time":1499348060913929,"flow_dst_last_pkt_time":1499348060913189,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348056534889,"flow_src_last_pkt_time":1499348061914214,"flow_dst_last_pkt_time":1499348061913480,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348056534889,"flow_src_last_pkt_time":1499348061914214,"flow_dst_last_pkt_time":1499348061913480,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348056534889,"flow_src_last_pkt_time":1499348061914214,"flow_dst_last_pkt_time":1499348061913480,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348057789900,"flow_src_last_pkt_time":1499348062914286,"flow_dst_last_pkt_time":1499348062913553,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348057789900,"flow_src_last_pkt_time":1499348062914286,"flow_dst_last_pkt_time":1499348062913553,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348057789900,"flow_src_last_pkt_time":1499348062914286,"flow_dst_last_pkt_time":1499348062913553,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348059068980,"flow_src_last_pkt_time":1499348064914738,"flow_dst_last_pkt_time":1499348064914003,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348059068980,"flow_src_last_pkt_time":1499348064914738,"flow_dst_last_pkt_time":1499348064914003,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348059068980,"flow_src_last_pkt_time":1499348064914738,"flow_dst_last_pkt_time":1499348064914003,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348060393569,"flow_src_last_pkt_time":1499348065915250,"flow_dst_last_pkt_time":1499348065914537,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348060393569,"flow_src_last_pkt_time":1499348065915250,"flow_dst_last_pkt_time":1499348065914537,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348060393569,"flow_src_last_pkt_time":1499348065915250,"flow_dst_last_pkt_time":1499348065914537,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348061684202,"flow_src_last_pkt_time":1499348066915337,"flow_dst_last_pkt_time":1499348066914609,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348061684202,"flow_src_last_pkt_time":1499348066915337,"flow_dst_last_pkt_time":1499348066914609,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348061684202,"flow_src_last_pkt_time":1499348066915337,"flow_dst_last_pkt_time":1499348066914609,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348064243564,"flow_src_last_pkt_time":1499348069916386,"flow_dst_last_pkt_time":1499348069915653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348064243564,"flow_src_last_pkt_time":1499348069916386,"flow_dst_last_pkt_time":1499348069915653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348064243564,"flow_src_last_pkt_time":1499348069916386,"flow_dst_last_pkt_time":1499348069915653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348065546965,"flow_src_last_pkt_time":1499348070917210,"flow_dst_last_pkt_time":1499348070916467,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348065546965,"flow_src_last_pkt_time":1499348070917210,"flow_dst_last_pkt_time":1499348070916467,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348065546965,"flow_src_last_pkt_time":1499348070917210,"flow_dst_last_pkt_time":1499348070916467,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"finished","flow_src_packets_processed":88,"flow_dst_packets_processed":45,"flow_first_seen":1499348068136241,"flow_src_last_pkt_time":1499348099366088,"flow_dst_last_pkt_time":1499348099365372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":20906,"flow_dst_tot_l4_payload_len":78248,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348069426418,"flow_src_last_pkt_time":1499348074917691,"flow_dst_last_pkt_time":1499348074917024,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01289{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"finished","flow_src_packets_processed":88,"flow_dst_packets_processed":45,"flow_first_seen":1499348068136241,"flow_src_last_pkt_time":1499348099366088,"flow_dst_last_pkt_time":1499348099365372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":20906,"flow_dst_tot_l4_payload_len":78248,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348069426418,"flow_src_last_pkt_time":1499348074917691,"flow_dst_last_pkt_time":1499348074917024,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348069426418,"flow_src_last_pkt_time":1499348074917691,"flow_dst_last_pkt_time":1499348074917024,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348070791453,"flow_src_last_pkt_time":1499348075918323,"flow_dst_last_pkt_time":1499348075917611,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348070791453,"flow_src_last_pkt_time":1499348075918323,"flow_dst_last_pkt_time":1499348075917611,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348070791453,"flow_src_last_pkt_time":1499348075918323,"flow_dst_last_pkt_time":1499348075917611,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348072088629,"flow_src_last_pkt_time":1499348077919409,"flow_dst_last_pkt_time":1499348077918703,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348072088629,"flow_src_last_pkt_time":1499348077919409,"flow_dst_last_pkt_time":1499348077918703,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348072088629,"flow_src_last_pkt_time":1499348077919409,"flow_dst_last_pkt_time":1499348077918703,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348073365184,"flow_src_last_pkt_time":1499348078919503,"flow_dst_last_pkt_time":1499348078918750,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348073365184,"flow_src_last_pkt_time":1499348078919503,"flow_dst_last_pkt_time":1499348078918750,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348073365184,"flow_src_last_pkt_time":1499348078919503,"flow_dst_last_pkt_time":1499348078918750,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348074670569,"flow_src_last_pkt_time":1499348079919827,"flow_dst_last_pkt_time":1499348079919120,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348074670569,"flow_src_last_pkt_time":1499348079919827,"flow_dst_last_pkt_time":1499348079919120,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348074670569,"flow_src_last_pkt_time":1499348079919827,"flow_dst_last_pkt_time":1499348079919120,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348077218866,"flow_src_last_pkt_time":1499348082920677,"flow_dst_last_pkt_time":1499348082919933,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348077218866,"flow_src_last_pkt_time":1499348082920677,"flow_dst_last_pkt_time":1499348082919933,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348077218866,"flow_src_last_pkt_time":1499348082920677,"flow_dst_last_pkt_time":1499348082919933,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348078531918,"flow_src_last_pkt_time":1499348083921047,"flow_dst_last_pkt_time":1499348083920316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348078531918,"flow_src_last_pkt_time":1499348083921047,"flow_dst_last_pkt_time":1499348083920316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348078531918,"flow_src_last_pkt_time":1499348083921047,"flow_dst_last_pkt_time":1499348083920316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348081113543,"flow_src_last_pkt_time":1499348086921734,"flow_dst_last_pkt_time":1499348086920982,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348081113543,"flow_src_last_pkt_time":1499348086921734,"flow_dst_last_pkt_time":1499348086920982,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348081113543,"flow_src_last_pkt_time":1499348086921734,"flow_dst_last_pkt_time":1499348086920982,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348082422606,"flow_src_last_pkt_time":1499348087922030,"flow_dst_last_pkt_time":1499348087921472,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348082422606,"flow_src_last_pkt_time":1499348087922030,"flow_dst_last_pkt_time":1499348087921472,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348082422606,"flow_src_last_pkt_time":1499348087922030,"flow_dst_last_pkt_time":1499348087921472,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348083715901,"flow_src_last_pkt_time":1499348088922438,"flow_dst_last_pkt_time":1499348088921880,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348083715901,"flow_src_last_pkt_time":1499348088922438,"flow_dst_last_pkt_time":1499348088921880,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348083715901,"flow_src_last_pkt_time":1499348088922438,"flow_dst_last_pkt_time":1499348088921880,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348086300221,"flow_src_last_pkt_time":1499348091923741,"flow_dst_last_pkt_time":1499348091922988,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348086300221,"flow_src_last_pkt_time":1499348091923741,"flow_dst_last_pkt_time":1499348091922988,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348086300221,"flow_src_last_pkt_time":1499348091923741,"flow_dst_last_pkt_time":1499348091922988,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348087568323,"flow_src_last_pkt_time":1499348092924755,"flow_dst_last_pkt_time":1499348092924025,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348087568323,"flow_src_last_pkt_time":1499348092924755,"flow_dst_last_pkt_time":1499348092924025,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348087568323,"flow_src_last_pkt_time":1499348092924755,"flow_dst_last_pkt_time":1499348092924025,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348090129532,"flow_src_last_pkt_time":1499348095924670,"flow_dst_last_pkt_time":1499348095923937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348090129532,"flow_src_last_pkt_time":1499348095924670,"flow_dst_last_pkt_time":1499348095923937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348090129532,"flow_src_last_pkt_time":1499348095924670,"flow_dst_last_pkt_time":1499348095923937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348091413325,"flow_src_last_pkt_time":1499348096924818,"flow_dst_last_pkt_time":1499348096924250,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348091413325,"flow_src_last_pkt_time":1499348096924818,"flow_dst_last_pkt_time":1499348096924250,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348091413325,"flow_src_last_pkt_time":1499348096924818,"flow_dst_last_pkt_time":1499348096924250,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348092675432,"flow_src_last_pkt_time":1499348097925853,"flow_dst_last_pkt_time":1499348097925281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348092675432,"flow_src_last_pkt_time":1499348097925853,"flow_dst_last_pkt_time":1499348097925281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00759{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499348092675432,"flow_src_last_pkt_time":1499348097925853,"flow_dst_last_pkt_time":1499348097925281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348095258740,"flow_src_last_pkt_time":1499348095259488,"flow_dst_last_pkt_time":1499348095258898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348095258740,"flow_src_last_pkt_time":1499348095259488,"flow_dst_last_pkt_time":1499348095258898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348095258740,"flow_src_last_pkt_time":1499348095259488,"flow_dst_last_pkt_time":1499348095258898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348096595051,"flow_src_last_pkt_time":1499348096595952,"flow_dst_last_pkt_time":1499348096595195,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348096595051,"flow_src_last_pkt_time":1499348096595952,"flow_dst_last_pkt_time":1499348096595195,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348096595051,"flow_src_last_pkt_time":1499348096595952,"flow_dst_last_pkt_time":1499348096595195,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00893{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-01137{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":105,"flow_first_seen":1499347939286105,"flow_src_last_pkt_time":1499348006339850,"flow_dst_last_pkt_time":1499348006339926,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183687,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01291{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":105,"flow_first_seen":1499347939286105,"flow_src_last_pkt_time":1499348006339850,"flow_dst_last_pkt_time":1499348006339926,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183687,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Suspicious Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00582{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":9374,"packets-processed":9374,"total-skipped-flows":0,"total-l4-payload-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3989,"global_ts_usec":1499348099366088}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 9374/9374
@@ -3995,10 +3995,10 @@
~~ total active/idle flows...: 661/661
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7476578 bytes
-~~ total memory freed........: 7476578 bytes
-~~ total allocations/frees...: 138250/138250
+~~ total memory allocated....: 7879937 bytes
+~~ total memory freed........: 7879937 bytes
+~~ total allocations/frees...: 139220/139220
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 497 chars
-~~ json string max len.......: 2394 chars
-~~ json string avg len.......: 1445 chars
+~~ json string max len.......: 2548 chars
+~~ json string avg len.......: 1522 chars
Powered by cgit, Themed by Ted Yin.