Diffstat (limited to 'test/results/default/false_positives.pcapng.out')
-rw-r--r--test/results/default/false_positives.pcapng.out48
1 files changed, 29 insertions, 19 deletions
diff --git a/test/results/default/false_positives.pcapng.out b/test/results/default/false_positives.pcapng.out
index 7ef88d2db..b338b9e41 100644
--- a/test/results/default/false_positives.pcapng.out
+++ b/test/results/default/false_positives.pcapng.out
@@ -1,5 +1,5 @@
-00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666211795792449}
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666211795792449}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795792449,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795792449}
00468{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAEAAAAEgQBNQoEAQHEIAEUwAGTH7QAAQBF0ZgqGGUwKhA+wCGgIaABQydQw\/wBAA9RPVEUAAEAAAEAAPgafJwqM5xqfQQyp7xIBu70k08cAAAAAsAL\/\/zWOAAACBAW0AQMDBQEBCApIjJmXAAAAAAQCAAA="}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795871687,"packet_id":2,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795871687}
@@ -8,7 +8,7 @@
00882{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":435,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":435,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAEAAAAEgQBNQoEAQHEIAEUwAZ3JqAAAQBFxcgqGGUwKhA+wCGgIaAGJx2Iw\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"}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795991725,"packet_id":4,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795991725}
00702{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":298,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQANQoEAAHEIAEUAARTtiwAAOxFTSAqED7AKhhlMCGgIaAEAAAAw\/wDwHEN000UAAPCpt0AAMAYCwJ9BDKkKjOcaAbvvEnriqee9JNUNgBgA68D6AAABAQgKchMAVEiMmhpIVFRQLzEuMSAxMDEgU3dpdGNoaW5nIFByb3RvY29scw0KU2VydmVyOiBuZ2lueC8xLjEyLjINCkRhdGU6IFdlZCwgMTkgT2N0IDIwMjIgMjA6MzY6MzUgR01UDQpDb25uZWN0aW9uOiB1cGdyYWRlDQpVcGdyYWRlOiB3ZWJzb2NrZXQNClNlYy1XZWJTb2NrZXQtQWNjZXB0OiBwVURxeGNYdy9zd2dQU2Y4aFdtM2JBMXZKUU09DQoNCg=="}
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1715158193086997}
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1715158193086997}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193086997,"packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193086997}
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQAPpoEAABQIAEW4AMgAAUAAfBFgjgrAXFEKiCtFy2ZSOAC0HY2ACA9iQ21r\/DQSeFbV1dVV1dXV1dXV1VVV1dVVVVVVVVVVVVVVVVVV1VXV1dXV1dXV1dXV1dXVVdVVVVXVVVVVVVXV1VVVVVXV1VXV1dVV1dXVVVVV1dVVVVVVVVVVVVXVVdVVVdVVVVVVVdVV1dVV1VXV1dVV1VXV1VXVVVVVVdXV1VVVVVVVVVXV1VVVVdXV1dVV1VVV1dVVVVVVVVXV1dXVVVVVVdXVVdXV"}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193106355,"packet_id":6,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193106355}
@@ -48,7 +48,7 @@
00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158216983863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715158216983863,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1715158217003863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158217003863,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAAEQAB+EZfbCn5GQwrsB+Fc6MPwALQAAIAIDOAbyM0ONBJ4VlVV1dXVVVXVVVVV1dXV1dXV1dVVVVVVVVVV1dVVVdXV1dXVVdXV1dXVVVVVVdXVVdXV1VVVVVXV1VXV1dVV1dXV1dXVVVVVVVXV1dXV1VXV1dXV1VVVVdXV1VVVVVVVVVXVVdVV1dXVVVXV1dVVVVVV1VVVVdVVVVVV1dVV1dXV1dXV1VVV1dVVVdXVVVVVVdXVVdVV1dXV1dXVVVVVVdU="}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1715158217023923,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158217023923,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAAFQAB+EZfaCn5GQwrsB+Fc6MPwALQAAIAIDOEbyM2uNBJ4VtXVVVXV1dXVVdVVVVVV1VVVVVXVVdXV1dXV1dVVVVVVVVXVVVXVVVVVVVXVVdXVVVXV1dXV1VVV1VXV1VVVVVVVVdXV1dXVVVXV1VXV1VVV1dVVVVXVVVXV1dXV1dVVVVVV1dVV1dVV1VVVVdXV1dXV1dXV1VVV1VVV1dVV1VVVVVXVVdXV1dXV1dXVVVVVVVXV1dVVVVXV1dVVVdVV1dU="}
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":95,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1715244365850069}
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":95,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1715244365850069}
00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365850069,"packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365850069}
00457{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvZnwAAOxGNmwru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjKyKAdgMAFxyoAEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="}
00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365870420,"packet_id":96,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365870420}
@@ -81,29 +81,39 @@
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":109,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvgigAAOxGGsAru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjIlSAdgMOFxywwEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="}
00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244366150574,"packet_id":110,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244366150574}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvhHwAAOxGGGwru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjobKAdgMPFxyxYEAQAAXwx+5Z\/fx\/fVHvy5hwGAA="}
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":115,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1722795102659035}
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":115,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1722795102659035}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795102659035,"flow_dst_last_pkt_time":1722795102659035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722795102659035,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1722795102659035,"flow_dst_last_pkt_time":1722795102659035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1722795102659035,"pkt":"CL6sCxduJjb1W8R1CABFLgA6GMRAAEARbpvAqAycOYCsYZMRJv0AJqszaAAPUYSgbEfxN9Y8wUZQdfxtl0Qa5VQhmMi9Nk0X"}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1722795102659035,"flow_dst_last_pkt_time":1722795102683745,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1722795102683745,"pkt":"Jjb1W8R1CL6sCxduCABFAgA6zLVAAC0RzdU5gKxhwKgMnCb9kxEAJt9aNAAPK4SgbEfxN9Y7wUZQdfxtl0Qa5VQhmMi9Nk0X"}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1722795103171662,"flow_dst_last_pkt_time":1722795102683745,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1722795103171662,"pkt":"CL6sCxduJjb1W8R1CABFLgA+GPZAAEARbmXAqAycOYCsYZMRJv0AKnLdIQARFdhiP0T1f\/Fgd1gOLZUqyBFtfSnaAZ6RACupnbgY0Q=="}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1722795103171662,"flow_dst_last_pkt_time":1722795103195033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1722795103195033,"pkt":"Jjb1W8R1CL6sCxduCABFAgA+zl1AAC0RzCk5gKxhwKgMnCb9kxEAKhcefIARV9hiP0T1f\/Fgd1gOKpUqyBFtfSnaAZ6RACupnbgY0Q=="}
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103195033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1722795103670366,"pkt":"CL6sCxduJjb1W8R1CABFLgBEGRVAAEARbkDAqAycOYCsYZMRJv0AMPyVD4AUTLPML0b7cBNBNNvKcqA4d1QFMSncQBKGQnoA2FojtdNgQfDokw=="}
-00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158217284062,"flow_dst_last_pkt_time":1715158217274095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":3096,"flow_dst_tot_l4_payload_len":2064,"midstream":0,"thread_ts_usec":1722795103693084,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
-00997{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103693084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1722795103693084,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103693084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1722795103693084,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":120,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5368,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":94,"global_ts_usec":1722795103693084}
+00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158217284062,"flow_dst_last_pkt_time":1715158217274095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":3096,"flow_dst_tot_l4_payload_len":2064,"midstream":0,"thread_ts_usec":1722795103693084,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":121,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":92,"global_ts_usec":1729281221506087}
+00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221506087,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729281221506087,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":77,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1729281221506087,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1729281221506087,"pkt":"LOp\/QeD9NO0bVMeBgQAATQgARQAANBgFQABwBjmQW+61FVkfTwyMMA099+lCngAAAACAwiAAwSsAAAIEBbQBAwMIAQEEAg=="}
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":77,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1729281221540090,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1729281221540090,"pkt":"LOp\/QeD9NO0bVMeBgQAATQgARQAAKBgHQABwBjmaW+61FVkfTwyMMA099+lCnzr+l11QEAEAT1MAAAAAsF5ivw=="}
+00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":77,"flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":105,"pkt_l4_len":67,"thread_ts_usec":1729281221540163,"pkt":"LOp\/QeD9NO0bVMeBgQAATQgARQAAVxgIQABwBjlqW+61FVkfTwyMMA099+lCnzr+l11QGAEA\/zwAAAMAAC8q4AAAAAAAQ29va2llOiBtc3RzaGFzaD1XRGVwbG95QWQNCgEACAADAAAA"}
+01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729281221540163,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
+00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":77,"flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221544114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":77,"pkt_l4_len":39,"thread_ts_usec":1729281221544114,"pkt":"4N\/\/\/\/9Vzup\/QeD9gQAgTQgARQIAOwRSQACABj06WR9PDFvutRUNPYwwOv6XXffpQs5QGPnRExQAAAMAABMO0AAAEjQAAh8IAAIAAAA="}
+02229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":77,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221579370,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1255,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1255,"pkt_l4_len":1217,"thread_ts_usec":1729281221579370,"pkt":"ICAAAACqLOp\/QeD9gQAgTQgARQIE1QRTQACABjifWR9PDFvutRUNPYwwOv6XcPfpQ29QGPkwq50AABYDAwSoAQAB\/wWJUE5HdGR3DwAAAAAAf0VMRv\/\/VEFQRUcU9v8A\/wAACYAAAAANbgAQUgBd4VtFUw0IjADoJAAAALMDAAAAAAAA\/0AAASAAAAAAAP0AAP3fAAAAAAAAAGAAASg\/AAAAAAAAAP9AAAEAABMAAAAAAAAAeAAAAAAAAAAAAAAA8wYbBlwAAAAAAAAAAAAA+QAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaW9NPLKhOgAAAAfH\/9K+TWstY3B1AABlAAAAAC5pbi1hZGRyLjUzOUNXRAH6\/vX4Cn4KClBBVENIRnhzZW4K\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/90c3A6OC93LXNwZWVkdGVzdC46ZmluCn4KClBBVENIRnhzZW4K\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/90c3A6OC93LXNwZWVkdGVzdC46ZmluZF\/\/\/\/\/\/dHNwOjMyNzY2L3ctc3BlZWR0ZXN0LgAAAAAAAAAAACUlJSUlAioBAAEAAQAAEwAAAAAAAHgAAAAAAAAAAAAAAPMGGwYAAAAAAAAAAAAAAPkAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGlvTTyyoToAAAAHx\/\/Svk1rLWNwdQAAZWcAIHQDgDPzkMBTUC8AAAAAAAAAAAAAAAAAAEQEACCYHwAAEEJlYXJTaGFy\/6L\/AP\/7kAAAAAAAAABEBAAgmB8AABBCZQIAAFEDA2cSvMWWkYyzx7Ss5WFXZ5It9dLKzlwyygR0gzvlqL94IIwSAABO19BXj5zRtWU0AI21SUhoyKea4\/bD1KKGerZQwDAAAAkAFwAA\/wEAAQALAALeAALbAALYMIIC1DCCAbygAwIBAgIQFX7boZ6cZbhM0jiYmcrPKTANBgkqhkiG9w0BkAELBQAwEzERMA8GA1UEAxMIdG9wc2Fsb24wHhcNMTI0MDcyNjA2MDM0MFoXDTI1MDEyNTA2MDM0MFowEzERMA8GA1UEAxMIdG9wc2Fsb24wggEiMA0GCSqGSIb3DeD9gQAgTQgARQIAOwRSQACABj0ubGVmDFvutRUNPYwwOv6XXffpQs5QGPnRExQAAAMAABMO0AAAEjQAAh8IAAIAAADFvBJnu9EIANsAAADbAAAALOp\/QeD9NO0bVMeBf\/\/\/svf\/uwUAyRgJQABwBjj3W+61FVkfTwyMMA099+lCzjr+l3BQGAEAqD4AABYDAwCcAQAAmAMDZxK8xX3QG0v8NPsGPyUZF2YMDeWQrPDp8009Ai1q4HoAADjALMArwDDALwCfAJ7AJMAjwCjAJ8AKwAnAFMATADkAMwCdAJwAPQA8ADUALwAKAGoAQAA4ADIAEwEAADcACgAIAAYAHQAXA
BgACwACAQAADQAUABIEAQUBAgEEAwUDAgMCAgYBBgMAIwAAABcAAP8BAAEAxbwSZyrXCADnBAAA5wQAACAgAAAAqizqf0Hg\/YEAIE0IAEUCBNUEU0AAgAY4n1kfTwxb7rUVDT2MMDr+l3D36UNvUBj5MKudAAAWAwMEqAIAAFEDA2cSvMWWkYyzx7Ss5WFXZ5It9dLKzlxkIDQuNC40OyBNSSAzVyBNSVVJKQ=="}
+01701{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221579370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":1216,"midstream":0,"thread_ts_usec":1729281221579370,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":""}}
+01703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221579370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":1216,"midstream":0,"thread_ts_usec":1729281221579370,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
+01038{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103693084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1729281221579370,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated","category_id":0,"category":"Unspecified"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103693084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1729281221579370,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":125,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6631,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":104,"global_ts_usec":1729281221579370}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 120/36
+~~ packets captured/processed: 125/41
~~ skipped flows.............: 0
-~~ total layer4 data length..: 5368 bytes
-~~ total detected protocols..: 1
-~~ total active/idle flows...: 2/2
-~~ total timeout flows.......: 0
+~~ total layer4 data length..: 6631 bytes
+~~ total detected protocols..: 2
+~~ total active/idle flows...: 3/3
+~~ total timeout flows.......: 1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 8426001 bytes
-~~ total memory freed........: 8426001 bytes
-~~ total allocations/frees...: 144781/144781
+~~ total memory allocated....: 9213032 bytes
+~~ total memory freed........: 9213032 bytes
+~~ total allocations/frees...: 149845/149845
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 310 chars
-~~ json message max len.......: 1002 chars
-~~ json message avg len.......: 655 chars
+~~ json message max len.......: 2234 chars
+~~ json message avg len.......: 1262 chars