Diffstat (limited to 'test/results/anydesk-2.pcap.out')
-rw-r--r--test/results/anydesk-2.pcap.out30
1 files changed, 15 insertions, 15 deletions
diff --git a/test/results/anydesk-2.pcap.out b/test/results/anydesk-2.pcap.out
index dc616093d..53e0b4428 100644
--- a/test/results/anydesk-2.pcap.out
+++ b/test/results/anydesk-2.pcap.out
@@ -1,26 +1,26 @@
00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk-2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1613977585247,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1613977585247,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"}
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1613977585260,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1613977585260,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcjnRAADkRLxDAqAEBwKgBuwA16HcASAAA7CKBgAABAAEAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAADSNAAEJT3fDw=="}
-00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977585260,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}}
+00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977585260,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1613977585542,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1613977585542,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C4AAIARAADAqAG7wKgBAdhQADUAOIRW6okBAAABAAAAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQAB"}
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1613977585553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1613977585553,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcBhBAADkRt3TAqAEBwKgBuwA12FAASAAA6omBgAABAAEAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAABtXAAEisckcw=="}
-00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977585553,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}}
+00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977585553,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977595379,"flow_last_seen":1613977595379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1613977595379,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1613977595379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1613977595379,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDNAAIAGAADAqAG7wKgBstOUG56PGHtIAAAAAIAC+vCE5AAAAgQFtAEDAwgBAQQC"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1613977595380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1613977595380,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"}
00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1613977595380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1613977595380,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"}
-00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1613977595380,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01144{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1613977595391,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
+01170{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1613977595380,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01495{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1613977595391,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977595407,"flow_last_seen":1613977595407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1613977595407,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1613977595407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1613977595407,"pkt":"2MuK4S0uKDc3AG3ICABFAABAAABAAEAGtfrAqAGywKgBu8tHG54tLA3cAAAAALAC\/\/97PgAAAgQFtAEDAwUBAQgKHE34xQAAAAAEAgAA"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1613977595407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1613977595407,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1613977595407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1613977595407,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"}
-00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1613977595408,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01161{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":179,"midstream":0,"ts_msec":1613977595549,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}
+01171{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1613977595408,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01593{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":179,"midstream":0,"ts_msec":1613977595549,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}
05662{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":41,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":3980,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":3980,"pkt_l4_len":0,"ts_msec":1613977596944,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAdINAAIAGAADAqAG7wKgBstOUG56PGIGVWcP92VAYA\/6ExAAAFwMDD1FZ4hNO+msUnGzaUU1nlPykrkKoqd5IWa\/vA7eRR3EZWBPkhLgUG\/LhKYhOBCw1WETNsRkQ\/Njqm5X16glM7tI+xcqXk3+pstweoYW+cn9Gn62XhRf8R73HpNP8O90ZrBr9CegI\/VdfYrSOHPhA2e99E+0j4+VZ\/OWFINBvKkj3BJnfIY06LJr7sGJtR+dAQOwICx8D4\/W7388S52uXl0lL2KX7WyKVvleG6T8fiXMQLVolTazIJs4yZw9hrrazGCRC9Iqdm+H0azjBk4m3YV2OMKP54OCS8dUcnak2O8dvImZ5iKslxqv2hokAbqvJMaM8mhVBXwGF52ctr4Cwnw77hzC+mSW4bmrp4Tcg5MPiRw1mTQ\/3NPawA+Zq2rxYSvhk\/u9pX+e10AKM2NMlc+XUfDUnwHzrihybSEsYE0XQlkwxxyc+9H9J8YsAbL+BW7EjTLB1jeSl5z2MVP12e9NNW6MZhJjwB+sOhJ+fNX0c\/v9peT6wkv\/tfGsRdmFlHVNXdzWn0O8KPkjxVcY8HmLnhgEm6RUAJURSAsF3ExMd\/sG+P\/mU688tcA+RgLosPwl9z5uDAuz9NZCd12HIAtb95ZBP9rAEaxi82tNAqOYj68rFfzNf\/RpYJfDStItU9FV3A8kHsKEGkFmk4wZ1tfIEOtfaaKe85y9pH6KiteXJy5jBBJnmRZTq3hdyxERiq+Tgi+PIu\/MNnYR6l1Pqrms9rI\/EVyNKDYzOeDBTR2B4i8xQUojiYfz8udZp2jaWACNjoGW1qrXBfIZoN6McfX9bXlxaVklg8xVW2G4CKsbb8dOBkttzzZK1dsazFK18wuUY3+V6Ukg1i3Y7Vlu6oV8qYQjVWhwNKWHFFQz6TJ1f7KJB90kDzgVnWYYn3TfOxejwLeG+nRzfrXzulo72CElL6Z\/lG\/4p+l+2wUPmPUXnPCfsAazCunsNe\/KXGVNe16AsL3LO1LT6UMDW\/nYelajX1pVTfya\/e\/g3PTYERCzcbFUt4y7zrmFbTnT4lxvHFvxanm260ljGYOP06b\/vWg+4pWLrQNkWA9MTICzlcpF\/Wmidlj0qfi29KJjQ8FUqg5l5XTfqACYhtKC63DrEESjMa46mYX5whiXYX2KSGQGVD+QvD+zhP\/CtBWeSzuMorWP+vcKHB6d86IQSfd6cz8qTUxY8QCZj3ANEPGpf51oIB2bip2d1OUvGIxbkaKup8u4V60aDmH2PiICJH7ivyV6sSvDty0QVNDKnid2wk8iOXEnChUfGO5mpd+vrzlTK6CD4G4+lV\/by4D3sFE2TznnhMG2zFDfGeHQM6Wj8gm8KTfbN+XyFgT4o3Ixk+93DyzX5mHvlurk+pBQBuQ9ppDbIH7HFD7iUZuoLbfUqyOgSKk30XQutoXEK7RJmcYeYBWd1LzTpXP+N5O5yfEDTBHxskC82ltKt9sAuTc1sKTSCwKaKWO1X\/efVdDVsf6PBKNtWizrLEymaYbySEtGfJmMlB6uqJtfUm27qL5ujDZ9mIHM3LMDyrXtK4KlpdB5iI\/euSzqF5fQqGYeXiGJN0S41Eb1GzBVvFl0s3aeJb4QFn0CJSOTsL6GyRbOkT1a0vLdMrPBz9u6B
ivhEd+ZLHaRV3+iJKbIcXbXR9lrCbTCrjSVY49HI76N6tDFWvse7Dr0bXXYFqqkOjweEf0JSWOknOhym3HAWiuHVX+ROnUrPCbEeLIpp8zL9GGOTk8Q2mr5Spw6l4rc37QDj2M6jtgkezE2X86cK+oDpDDOIVj+F1pGcC4UnUPTK3scoEmHGH7LkKEd5RDRudiwg7tbKcGUP4BwRqmS2Gi9LKpIBXdtqiZPGwomBbzdlo+z0RHOWr\/up4gl1dmUxQF+tDc4oHMCMi1e8zspb+grjhj6EezTHv3ji+8yN7mdzS+Gkbpt7QlBarSoY5L48wl08+ZBvrukp07VUSwQcfAn9S8NB43w8+z45JDDrveYZ28KVDUxo6GQB3B0xG4JCzoWvRhSPRa7ni7nu9Gszwc7tPJ9xiDAaAq2gfthjMseLUOdGDz0BISGCxKHZieN864AhI1py+AEI+Htmrh10CW05qpzZwVzz2VFECGzsx3x0C\/nqnxrOECzUm0dPJrMExdTxFcgoqXF011yHCSzXtxwC98icS2pusV+yTjVIhj8CfW1d+8fVhOArSXi3lMMFjUTzDLcJtssGLQ0cjVYbimvwLxyXqTRGVzWkuGVPh50FIqPQeJG1RhCeW0kbFVm7W9b9H9S7klEciP16ZhaTmVvfTTgYqrR2ZJmHH2I61Ib8cJwB7qC65zRSXnWLdZs\/TuFj\/TxT6UrRcMpV1vvOYjns3Gz\/dowyWU9MdFg1sBuoUzdYhOH+xh0gjiOiFR+OmO9yK3di5u27XLW1hOtpPgG+VqRkjURJs2X7eYc\/nVFim9OR2M271rHHTTGmofiA2qRYewVfivK4+jJV2algoPfe78BQVj0lYL8HSL2ZIOVwb7WccV+mHgXVjcaDr8VeGILburQoLgZ3L3Rh6dBmFRFNDAM2F5UvL6rcbC48HPxdFN16gQFsf4yKqOfuTQa4qvxxMeVacwMBH8TyGwIqHd+Tu1k9SeZW9JzAKZNOepT64wLCYsAHDNfrvua7\/DM3Er3\/3ogYsTLe+cEnrJEF0jzT\/pW3BeJvaGd27aJYiI4XXscQqB8hOAXO5tAOPRO2w7cv7WHSnJd8ikF\/boKhx3DSbhEgqQliEpDTKXvGDhrGJ1aXzM83ENzYdrp3w\/qh\/Nf3lFU96DuSvh49grWDQkMeDDWWwXeT35tZD\/9i4Y5fFpZIV6SuRwn5p+R9aNHdnQ\/kTb4S4uHdPEUKPQjKs\/yJMUGcPxicPpB\/EisjPsJJbm7W1mTHU7MIIM\/vWf97H\/qvxLJ4+6dpF7eBxBYIXZp4vqqyNXSe8fXlScBOjZ7KGFq3h5Lsv1iilvMraMq1ISyI1SMlYMJGCypO+r7ZEXKXhAC9eCXv97ngQmCSfOC8yQy0BHfYcR\/GagdbDhHp52TBPv540aa8roHZiDYWEAvRy60ik6jCvbpXWcGapjEPyt9GESjgevqZXh4ByQjZeQa5WOr7Cz5wUS6XJhwdm1wGwlzD8KaiSP5C7Dw5lq8A3RtUTSDSCTiMVWNgdjSc74MQ1jk1g8XF1QA5oCCJKcd6baWRIcuCXGejHzwU++HX+sLNBXpzgm6BOkdcw1rBrXndG\/g9wtAODPp1NIebGIUBA8bwWYJXy3f1MwWV73BLyP6xUng2u8pwIPJ\/w72lzBfeximEN581Pmbzit7uC+88wlAlAmE13UPXh2L6jM7HCsWpxaF79JpkSrnInn8vub5LDlOlRQ7oild8fQrhrbGarKIIrNCdhLZ5aouS96b\/KyopW16Xv2Rc9xFrgSg4ci2RYHCemJZwYuTROMsSoM5X52hZZrrjU0vBuzfjvVO+GgDyIKa39Yoeu51MP+qfWqjdDBZ1wgSVjTNfz3TIE4A4KMb6Cl63\/6TRFZUpnIyceUMCe2IP0kvk+YgXulkcSi0emPStQ4WpWgV8klz3n5cpS0yt5Idvkv4l6FdXHq3kxH\/XTM0niEe1
M+4lFJRaB7IvrjklA67KYKUY8KCZs1yVLV3iBzYHV5q5GSPmymAagTbSS0ArTqr6BOKPdX1u6z4BG07x613PW2TE0ODR3DvxyFC+10nNZR4enZpsOrMGbqDyW9yidkPDpiZBhlp7NXIKAxPzV878YoFs420WX+nCtL2rHv69VOeWflwR0tlbrBYDRasBj4Ozy\/MWHHB47HxGgEI6rEo7Bj5A2l4qkAQCBvGYxXrIir5l6wMCH5LO77vM3yVRBZzAmxfDBn1PMfrss3MsnCyKM82azzo1KByvjM7tt+seSzjL4zKeYnBAxt+gpQU9gpBmPO+jlfaa9EfPfXktD24k\/Au+q4dpgZ1kpHdHuNvbEoLWf4GbGEXFcLbRQ85jia+McSrUdVt+gCMMtB4Z9SCaHAATa2UM61MTkweYPjRngskZ+R0ZbPdiORtd\/SbSRFFhpzIJQz\/AsvpOkr6s5utvDByWbKYa8AqQ5Aykc6oJPNVOD8KWUse+gAsIa9vlmRZ2iuMVUUTUHOCazB5EZoseBAlmJ6oc\/B7nctTpL8LmbkTXwj68y1leVMVm9D7vjM0tFwFKja+2ONbRpfRIA0sktOr3ZvqxUJGcKVycsKY4vIDIm5kACo\/TDsPHtL7PoN4CClvCb8kjCdjOHPLu5cD8\/KrvTkAZQtVA9VWz5+hm6Mn+hLgQ7KSw+5NALvBMuWC6ovDO6koaEtI2D2rO5ztN9to\/hy5AEOOCwgnKfOrVYxrml8DM25Ysz0X38zW4Qz+G8fq5qUeDUSWUU\/IZSqDcQC8mgi3n5p\/p3YhvfkfrkJ6vJ6nVIZUWJz+bMTfErsyHKmeoj9Msh7Aw8bNmpqeGEZ8xu1teQ+exP9+TZQWquTpbn2wxK+\/5ziA7OY65TsT44gP6mGlwQXUAUkahCLUd7kfyBjIF5qBtrkbgi0KWQKd4ZWhuLu+o1+dEax\/z5uTA3urCjHPw0CaCWul6eJRh3p18p2GsUeY4YB9AMOs6obyiagcUi+oA8XKl0J\/kC\/2EFYc\/HIECCxc1R5p3Gk8JuXKm8r2pNgmzqVHeTbatHsxapPWERfMh+XtO+ldcvlOBTbgmWeBcfYHu\/js8wOgUStGstFxbu2OwXllx7VU5MkxPvRFteV4cLNjNG+Id35MmSnXrcEEbVEy9p5gZyxXyq79oDrnZ7vw8\/SKfhclqXWwkXIN6Akam13SxsIVdOq6NRuhb01xYXSgIxM7\/qsEwNyCKMzME+EsFyX75nzo4KlkLJdg1M+SYi8T9Ap2MqlAfzWI\/v2YvtEkM0hvK5LqtBgjXdhrrI0roG4RmfJlj+Ll72KiZd+UDQij1bY4IJW4KPauCJZxtpa2lYjenAgTHYgVFVhcxwH6E2QRwdKyyOCSg8BGs+6dP40kQS1hBBfHQsZjaJFUIaEDwoxe8AsdTjTJMdJ+GmcOB2KxLQXTaPKW6EcRL9RPDlWxhV+b5B2wd2Xe7ELG4B8qwKMuIQSfGNkahaIGKLVDksKlHnHebxupiKOsN4L5M5MukkAhKJbldgHZVeYxLih\/FbNPzwMXZ6WJV2P3OausnccFHvzYhRmiN2BsLGpyEh7aonio8QblciYgEQett8fFtbOAKB5idHPPMJme3uSPo25PTlsI4AO8="}
00189{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":41,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":3946}
05959{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":66,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":4192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4192,"pkt_l4_len":0,"ts_msec":1613977602724,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAdnJAAIAGAADAqAG7wKgBstOUG56PGJQIWcP+aVAYA\/6ExAAAFwMDECVZ4hNO+msUprQQcKaCL\/3yGBAWoUYj64f9cTm86oqZu745SoKxxsuQYAO9mkE+kl3WZU56JyXpeD9Q9dkKY0\/k9HglokoqwD\/PKaeQXGQHDlze3UWZzWX7M3YkbrfXVo9B0XdYNyc1YoVAh1u2fzDxKlINbPfkWoHUMQ8nZIKb6NX\/JxvJt+ZV3z9tNmFDuZ2fKebgx+e+GXzUtLy6s80d0KnKzKguedS\/qqCb+izZscPNxegEW+hE3Fkg7uLTrb5VrOunHlTG+RsEq5B06+8BAo1WgmecznEJtQTnySFeKMQuGFltd7jXYfe\/onB6c7qS1Y79roVLvgSrACtJdJzSr1kWN0UMKLfd08WSUcLbDWPj\/pOjgcmroMSY1Hj7A087KqBIwzPBy2q93CgrnT4HGi4SyaOA\/s958H\/QDZsP\/c3SVYfUxbGFZxwkZxb0DZ9PaVrM8pQ6wBt2NnmsJ\/TJYu3vbCF2mct7AEWW59oLz4c5NEj4rcoY2vmRtaex\/qdpOD6NJXj5pzzu13oUmsxbDxAuQVoyLMQts0w1XSSX9JEWzqVxMQiWJTLz7tnGyC6XC8JeNzutQTlWAQ4Y8q\/VE6YRcgmQehn0Y22BVHZUt3+5kvy7RkmOgRho0xOMGkVCiGszRMuirOFeZvH6wWbLe+Fqj8Mi41Rmi4hce2LXdbh\/nnI+N\/M6LYeTfPpUhZlkDiindRksMlMqNGHRRKo5DXuCgeOhv61elHVCGu2CZbNyUaBb5DSafomMamhLQJShqN6BSJCQMF+WqcTmhrMW9ZJWPgO3bdvXm7PJM3OecPj5zhu3pohdn3NDRHh3PdNbz7zOgSGyDx+ahpDteCKVu50k\/yZTlvDshm\/YyFbn\/\/bMGVsNnRvRpJ98A93CU1UaSTt6hnIBuvkBIbWCyoMWo4peilViV4YoIcTGJfxkhiQRhr\/oPHRvHxl6aKgAh16e1JrhFkxWTIb0IYO73FqZNEjt61DIqtNhgAeckGVHmpFZkBccd36l56nSXidKhRZCHhScRwXsCp9CnbtM14Esfe89RvdsvHKWQQk1wmym8yLa8+8x4APDEKaMExSaHu4yo06DqC3QKwx0A7qUkDDeX6kSWWFyTapoM313GMCgfwncy+02oxDnPtMInB6+4PjZQmCuuyyargXr+VTCW9GbCaPFbAVsKj7wvvZVu+5JPsIF5cGtz2tekBDhaYgSeKrDHBSLijGLXRMttHI1gjAQqLhAPykbBwb49rWbuHep+CXuOnblyov4Z0CQne\/wPcuE5\/MqkJyidSQI0HYwJ80nOYKCz1oqJBpj5BLzm38nHNix+VBypcYqnGAFpB7kGamJHKyVsjT3myN\/vstVsj6+2qofVEtzr2JzCVp5lRGt3nI56wQ5wn69jyak2oqNqzMsR0mtMjO720o+Hvr\/B3Yat3rmjFTJGKcx9XdI6OXYWfUrYU3lcdVfD9BHqVWnYkxtHpKz\/hWy9PkGwdnlBtmVUiEq2T2rbsXjzRWRJCya8huquQm3tH6V2+LvRLToXFBBvqARAac8bdF\/Dq4o2ZChH9gzIVrnG0TthLqMz7Gh8HnmiGoyLFNX2mEc8TAfE75VcjfQnK+F7
sMW\/2j2Emvk6kTizYgztT6xdNM+kOFhmgkqaD9auk7yd3Llix4iCr7rC65yxoozOAtnAE7ugv7ryyE+i4KT9zAadUISewEBm\/LHKh7brKdfShfHv4gkvIqy2yNtvlmmr2nXt3qmhdK+JBkCv+eK+pAnjQEFfoy0EXZxQ6hPQQfANQUqHxlfTqWA1W8HcVpgqAtUABMKyJH68BMn1G4VvonTESCw8lPWd+trvPElME4YhaRe\/13eGmjYPu\/4zPZkHLvkz9wwVa8MNG9vBc8pzX6ms68sBeV\/2q366kDZA9QBeDJLpKZevIJ\/sP5Z4DYWiNdSOjRB1jfWALeE+mL4LHNIfHJ7Z4NzaOS+i9+DcHqapIjAOuMaH7CeT0\/Pce2jAxl9MsfNrjXO4nDba5Rj1wtPlrKEgzNx4I8RJAsUg4\/wSOjJCZz4UZqdxa75zjaXlkOqX8uiV0V73GVvlV0lWe+sOp9xbdFSfaG4TVfe9SZDkN+p0pC2ffTWANXAViChoMw6UhCy1+TZvuJjQshHlS+MicWCcQplbbWuCVDhaK9CyCR03rDKWm58a2iPDRvOaTsud2TP2aCmFDhlWEg4lBQdpTqyH1yo9PTeHLk+9EOu5jVl+04ESOb\/N16YGUovGlc43iQrZI6qZSOWcQKkZOu9dbYynxBZfbRu682xdxK\/zH5VIl+uv7FXg0up65DfvJfHWDjz4SKxOoYB4k\/jJgzDQA7yZhJbvxKFLcBP87hDhl3LE+7BEGakOCaw5bkYPN1j5zKMbBj8kfDr3jGr6HrDqCOxtbDg3wQ3MvH59CFwPoZNNk0\/wFxfaJ+sqIM9wQqSJU9W6Iloo5cren5bpayTyUp3Wci0uOoXMteqlZWBI7uEw2k7d+cwi2NJOxbZGdWLHQkdfqHykoXc6BNB69Tp\/7sbE3u6vKOtJvtq\/PvRAxIB7xYJMOZ0aAsu1leVcgg2bXBcVgXv1xihW98mC0nor7WMN5VnPeZ2tm8ZFAK9T9SCDrXxLLDajbpm\/KEcFva8k4cWUtVh6TQPnflts93Z+jyJuM7XYJFHhkKt8RsLCMQ58SISszntDBI+KDmDTpq1qnp7L7DF57PRhbjRLV6ZzW83Jyfo52HzZrzID2A+H4W2xXqJfnWhHT+0f64dmfezHIwfYc31Ff3lQvNOP2JmgEcu1xxlrZ7cj3vAiIrSmhGYJjJb3IGCsfpjeQVpkdTnXJfECE9pFmC8WNuu0xIhcGpbMwAH9FyJEKxYwSCJOBrRwe5xEq61Mk1xrMYVUiusla8COC7gSALtvRXgzba+n+pOse25W4FCEPSotEZyJYm+ZoB94aexu0En9VvCHkr6Bn1kaxQKXkShW+rSVBp8VZCGWZJ5u3E\/v6brFMy5iqhgAHhAIhKRgtmiMgu79drOIsylnBhzE14f\/octGhZkcmqRzN664TfbYCFx8ZB40bGeunML+jrox4HD+f1e9MRdNCZsa\/QKt0gnrEZ7VvIWS0X6u3NVtU\/bHVpmXEEjBilRP67uCI2QAsIjeqK5P3Aywn2mKPyYmiAM9Fuj7fiieYtzZJXCemq3Z54S4KgGjrl3RN1eFKyhLt4UhkB\/voYMQuEDQ0VMp\/7fjZDcrBbsAYAVi\/\/h2i5VFSc22QzmlJKwGg75jJKCtv2BY9UqbpKVARo6wLtF02JNfBoAF4dG7KYqqqJ4aANpjVvzAilQr3\/i\/YLyvuIJkcLcvVLjTPmigaZLFvgdR2BzziOOgyz+rWELhTiZO3O4cvQwDeoGl2VXTV2K6O66nEvnOZs3EO+Rn\/muWs0BvGC5xBpCJiC7We7I2k99BcJHFtlyMJvAIHUIa73dUIOw\/f4gIHxuoGntDGvJhlgvl6RFZmOG+url3+cIzZV4uGJzL5U9MGukmO3qu+C9RsWTrPw\/V4IF0dT8F5\/SUIyiUQn+n4YjtcPn+6aKl43nhmyJCVyvXQtKWk\/mW1G
RQRDtOZPbNIViztVETsrfUUSxN95cVPNw1O7eYWi8yCEoLqSREzknZUhgukEfux1h+C4gNWTRiQWaFCY24MKbevWZPfVPKTYIaHusksoNAA7JOEVpVD+hgEla+xn6+w8qS+dRIEa5EJThv\/wYA2hoEzxzwzt\/WKYQVYoY7QC3dw\/aJC6kFV1rW4HPKOQIVQ0WRur3rJzV7cqzPxCAkBQaJNgrP2RYDTEW7a54Ew2BJV7tG27Cv32v8s\/3gwS3ohqFDURP6Zw+ocRcxr8BMI9Az2dqkTJRCrPdubEjy5dGt1K+6bYBejmy18n8HKpKVNffGlqlfaJ70g7w2kYNkUNyoHvPvdK9gp34XV3LJGFi9dTmcdNENQCw94Ftwhn0CLlJEXW9EnfiffZnPJIlev5GAeCQD1+4fgeeS9W8m3VAso6ewPJfBt+xi+LI9j2VjL3H4PXm1d9aVa1FXjVep0uWM9bKdprw6BM0liZaHLKkVHCFcwlsj4kpg\/nvhgsiy4WGOSaKDtNpANBj+bmE8GiRm9CYgEmx5ulTEBvQna1YSQnDxITBSVbC5sYXnOvdUurfH2V+M\/ovvhaTaC7BLTOYK\/DmIQZwFzlpHuchBVOM0dZeSZ2oM7frLsnqqx6ZnNgrpSotYTMtFnxqL+CsfLSCZHGwVdTtBQ6VZeXX3Ke1YnJgeMuINTx8EdGbMT2Gjcy2NAO7JeEP5BD53QX3KPVqP8nTsRQm8KhtFHJQhOZHZGUa4WTjbPEZR+LIGxIxdDGA8A\/+CtvQST2MyyLsB9o8A\/lDjsDRsd2rw6wIq\/xsbNjc2Tpb1u1tbCWpmGUHbsnK6gH8btF+nStO0OMW2hgzOhMFzzmcmZFf5EZbyqonDxHWUejhuXVqlVO3Wkguxmy5MWy0q1HWPa2\/Bmk\/eeduKDzyIbQVIuw\/eSMmG3usQ5ywpqfYGiXHTGsEDke+p28IG0b4jXxxmkpHXxVuN88OHDDfZbBMmU3YIUQSAxSTlfEkSjNBlV4XzAsdoYaiZewSWBGaonP0l7AJZKwlUBRHA9I9Cf44lLDcMG0F6e6ibHSfb30U+Ma8fKc9GX0hpMSVWvnu86dyPsnA+8GYg2Gw516MasDvNv4bAXzm6TheUfHO2p0TEvCE8yK5KTSq6XbTtRcCtpuZwxeEtfaQuefZH\/gGTPDg9XnLrxZGFwKiI70AMN6ud+p0pIgHQ3X3LIoMWHfbj\/Yh3hVi2Whr5vTyfhL71AECyG35auHZMTXMjl\/D4NEj+t+w0kat4W4GuE+tsm7ybUL+V4lTfC7odPRD\/0a0bEkC0TUkihprWUyaQRzAXiYMAmf8JzVm\/zGFbzBZFcCKBSOcf6cjO0SLVwcS78tbxNYlWRzVyrpJawM71C3Pc\/VrySmGIaFr18cRBQEyq2XKLHfR7cnMdcIGCOAEYcidqXcnPvS7r2wBwcU3RXoKnCBq3dnrVlq7kJS7Fk6vjCQX50PmIi0wXdzsHBsC3oeGZmpq4GV\/KBDq3xv2Y5UCt\/3OykZXEZ2p72Dv9pWRjXpAP+ugytg0DqcahOkcwQua19WVcoTvJtZAdb\/ySWYpKHc9rU650iXz+87h5gsYvH7\/qlRPUSzQH4qUTdc1gN1Zj2sp0WCwQziq77v5frBJ9CwPRZBWYf+1VG0gBiHxSBmkNwfKkgh40c9vgXkPn4k+ISkqyzSc4ZJO2oSnHQD4PQr4vQAyjnySF5yx7puR9RNBBA+z9iHLbuilG\/WmezQ236+R6m3tYZAroi4IQz9xPjW\/Wf+i2JFZ155jnPBC41drFwyzHBw5tnEfjhXTEH3kgTxfnxyIp7wz\/Xs61VrXWL7kt9aPCARKkryHxsEDG755drDbrKwXri6PL\/mtmebFDabwfGiNKSSiLalsX7CU59fFMG6A+B++Jzafj\/+8hZCqyp7QLw=="}
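Review bot: The `risk_score` values pinned in the new `flow_risk` objects do not track `severity`: in the flow 4 `detection-update` event, risk 8 ("Weak TLS Cipher", `High`) has `"total":250` while risk 30 ("Desktop/File Sharing Session", `Low`) has `"total":1000`. The totals are additive over the binary digits of the risk id (8 → 250, 24 → 500, 5 → 260, 15 → 760, 30 → 1000), which suggests the id is being scored as a bitmask rather than as a single risk. That is inferred from the numbers alone, since the generating code is not part of this diff. It is worth confirming before these values become the expected output, because a consumer that ranks or alerts on `risk_score` would order these flows incorrectly. Separately, `flow_risk` entries change from strings to objects and the risk names are reworded (e.g. "SNI TLS extension was missing" becomes "Missing SNI TLS Extension"), so detection rules that match the old strings need updating.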
@@ -897,10 +897,10 @@
00191{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":2511,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":1581}
03231{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2513,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":2180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":2180,"pkt_l4_len":0,"ts_msec":1613977618195,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAiTlAAIAGAADAqAG7wKgBstOUG56PNqDiWcRUSlAYIBKExAAAFwMDCElZ4hNO+msXh2bUnODOizPQiAddzId5s0L6Tw4B2tyJ0YG6Lk9xeCjCkk5iyV\/TcZ+MkCeyOMxeyKngR\/0L81CbJvcp2HY5+PJ99RjORMM0hFqL0M9FsClysAMVqzfPzL0uTI+AMuQYjmp2qqS3n0jD5Mc\/OI6AQf5alcy5blcc+SRlMpLpNTjaoZqhbqyN2OjZAQ0RCghY1jgDpcpPpjzXwFfM+eUtNLtomqzUozUMvSGBCPubR8ysHpKf08rz9nQsYe\/eQy1W+fGZ3UevRU4e0ziP\/Z4ImlVCjTNEZ4Q1m5e1dfxc\/2iPO\/xRUkfR9tTq5C7ck1L6BG5Sbs7srBImqkQCfZO0borStlxpNfdnOV3FAeKPjPu+OB0GQFdSoxU3ShgSCS+s3yhVPiImHbrFfcRtfPcymodIF1QSeUI\/b4QvFBs1xUsetwKnOpQQqQSJnJmm5p8kAXEr+E17QnDNbQ7YpszC1yHmy8ntEIl3A784f8yXufRNOYJFir+O43BaD0qfe\/E8ybQFEb\/wMzNxH0PbiaGM6fZuRxuetCSAU5wDWUE+emEiVkHNdRsVQGRAbJoutoRZnkFzwA6CyosjbLdzxuScaUYQtz\/x4oANzVRMAMzmVJ4c5nalbJW8JxLGB5MZQ9JCVYtUqHLLUdCfyU4E4HlGdK5rNarSj3ruUr+\/5kCGel2xiNIDS+c9xxjT8sS4zj8gfHVq5EP7LPuFyWrTkRmqr600UXyM+yqOFXwyU43fpvj4RXm\/bDgFfkcz2MeJFCky7zPaaOAskDznNnLRmqzyBHEcnqVNwNVWmZnSPzmAPX1eSxSk78DEv\/4pC1Zw33pmGNtPqwzbm4adGRSJMpXA1ESn83MO5nw2tlad\/f6XtHIDIIFcAd2ybubKHggF1GlVj0fZ3rkpkpXpbeP4HjVWCmpZlmt5hrqOnYKCXIoA9d5Q9eU9x0bDgEw8UsAs8Z2cGt7PGrb+Qv7bmsIIrtbYJoehXXLytxGqTyGFHgdtZ1iR39hZ3t83j6Mygm3lc680av6XxYpuCod\/9ENBc+yDd51\/4a1SVvyKfKpS1J1NPGkdCHXxqze5lGusMv4rpLextd++aXgXm4pp8tC9u7v0Y3ESoZOdsgdZjwRtBAwxPUuMR+bTiGlzmFAWnBxEgtA8qwqoeJ8fN2BBhxRSoyiJIjvIbrD\/ViWh8M6a5vCi9FaH2BHmTSkUujKoS4Ui05Uf0s+HwGa2T\/ncn+QF0sBjLTpC3akoGTkw2dqmGtGGg9JL9sxQrC3Z8P2+K0kklga\/87NYKb1gwl8HI5zrx04BnBtRZsYBSRVsc1GywvAc13NndpSo5neCnmnBd\/1I9+HIxUef4wi7p4C66Y0I2booJeN+ZoBGc\/1Y4vtaXbEsPJKJMDqB+BLCw0nSvSbDYYxB91phOhOel5GanFtMg+9nyM\/3XGQvKxO8noAo3CMoOyP7NgQIfjHvFH8Bz6xZMI7QqDGNnOF1uX5CACJ7YsOw8FPJLyQlYtZFFGiMTTrapto3gMpziUDCXvss50gfevS3poRlxl+s6OS85vpXalhuTHFjf8vGxSXfWFquDf1RFg9CUy8zk9PSl1vxgrx0OTqElj9
oGT3+Vx3qZgn2bqf+592wbJFWx25hJrBNvBVEbn+OJNrZuuEh1HCoz98Rw4ULrJKM3qfOdDRZ2usK\/f4PyleqeEhwP7aUVZX0wKYFXL2UxfGiK7yY36SpPBq3Ln32t6dvMpaObtqNj+Kfr4ImRxmqQhe0B5zTHV67SrOYPC5E+e3BuEgNN6g9Xu7lBtLjFEUVfT\/s+OSTv0ASorfZmSXHEGDDlch1PtzQNW9Rg1xFAIoMDwxtBj3jiKEIJKWJ2FNgC2FjB+FshqIdc1deJTLE2ymgSABs\/nFAcJERH5Eh8SDc80l1fUqtgee0KKG7+UiEYG9HBLhxrjLYpW6nqwKOnP5iS5J75eSdcaJPQ2RCDoI48f54M\/u0C5mjF4KxZWfbF6W+LA7ItzNMe\/dXWOBsTFS8qH5T20g\/3IZenJtIlcn5ix8kqRSNhmkt78WK6PYEC8Frnz87GbQ2+TF1AIO24YEByT38EkpPfVZBJEKa7vsROTk\/wrD31hqsKtZVqrDC7NcjVOE7GiftEXF+1sA8Yo1W\/gcl71x2tP6c6oxG0OS7vSR61oZ9c4wtxmZsalZYl9wvy0wjtzOgCqQPbk69W7bNvn1ZXADwPJ8YWuzH9z1aPWM2csOqghu72ChTMW2zQtB\/qGY49wPVNjYcmbEB+443LWlsFCjcunDLVmzxVAIJIet9kbYse0PhUurR66Ele1UdzzsBsHU08\/5dPnbKk+8hDJCPyIztDNktODA9+bPmDu8JJ2UixUjK4TEzkxYFIQMx0hR4gryqlUJRl1sbbMr7VctjZdbpqLiiFuSagY+pSdIQ8GPFcdtrfWsXnDYoiBXJ\/5j+UKyYU4B2pUY38w+mhHW38VyltT030eEtueb0ipynzmIgzRdJZ\/W7TPMibiy2oykdpbb6SZ1ujx16jzA3iU7pPElUkIOkKOSxtREPgbzIlknPYKGoBQHdq0GpxSL0i9d7GU7NtI2fcQYpwP4X\/sj3JNdosmuOXAeEPYsSMWQmH+qrj6FSm9gE+WhZfWc2hGNRD7Y6OGdYaU0Q60pRVRul0FACZqyMrb5y97MpVuuqRxKzn2r7P+Z+KtgKO7S7rNMVQmOq0tVktiH\/Ws836Z6\/328nnzLauw2NXRu0qwbtytvVv0f2sBuTbqbURJET4ciDSSyF7wux7TlhQsY\/qPPlXKBUkVGHetfK0nSty5hsQc12nShr9kuLAog="}
00191{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":2513,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":2146}
-00861{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1613977595407,"flow_last_seen":1613977595964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1286,"flow_tot_l4_payload_len":3316,"flow_avg_l4_payload_len":221,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
-00844{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2064,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":223587,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
+01293{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1613977595407,"flow_last_seen":1613977595964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1286,"flow_tot_l4_payload_len":3316,"flow_avg_l4_payload_len":221,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
+01195{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2064,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":223587,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","total-events-serialized":904}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2521/2083
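Review bot: The `risk_score` values pinned by the added `end`/`idle` lines do not follow the `severity` next to them: risk `"30"` has `"severity":"Low"` with `"total":1000`, while risk `"8"` has `"severity":"High"` with `"total":250`. The totals are additive over the binary digits of the risk key (8 → 250, 24 = 16+8 → 500, 30 = 16+8+4+2 → 1000, 15 → 760, 5 → 260), which suggests the producer passes the risk id where a one-bit risk mask is expected; this is inferred from the numbers, since the serializer is not part of this hunk. Anything that ranks or alerts on `risk_score` would then order flows wrongly, so I would fix the scoring call and regenerate this file before accepting it as the expected baseline. Separately, each risk value changes from a string to an object and the labels are re-cased and reworded (`"SNI TLS extension was missing"` becomes `"Missing SNI TLS Extension"`), so consumers should match on the numeric key rather than the text.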
@@ -910,9 +910,9 @@
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4671214 bytes
-~~ total memory freed........: 4671214 bytes
-~~ total allocations/frees...: 101651/101651
+~~ total memory allocated....: 4755183 bytes
+~~ total memory freed........: 4755183 bytes
+~~ total allocations/frees...: 103241/103241
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 166 chars
~~ json string max len.......: 7845 chars