diff options
Diffstat (limited to 'test/results/default/fuzz-2006-06-26-2594.pcap.out')
| -rw-r--r-- | test/results/default/fuzz-2006-06-26-2594.pcap.out | 220 |
1 files changed, 110 insertions, 110 deletions
diff --git a/test/results/default/fuzz-2006-06-26-2594.pcap.out b/test/results/default/fuzz-2006-06-26-2594.pcap.out index 4a83559dd..e384291ae 100644 --- a/test/results/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/default/fuzz-2006-06-26-2594.pcap.out @@ -1,5 +1,5 @@ -00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1120469540839312} +00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1120469540839312} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469540839312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469540839312,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaYwAAIARTMHAqAECwKgB\/wCJAIkAOlu0hOcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPU0FDQUNBQ0FDQUJNAAAgAAE="} 00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469540839312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_domain"}} @@ -48,7 +48,7 @@ 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469576245476,"packet_id":23,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120469576245476} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":23,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469574242837,"pkt":"ADCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1120469578248603,"flow_dst_last_pkt_time":1120469573246062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469578248603,"pkt":"ADBUADRWAODtAW69CABFAABIaZwAAIARTbXAqAECwKgBAQqbADUANPFWONMBAAABAAAAAABJBF9zaXAEX3VkcANzaXAJY3liZXLyaXR5AmRrAAAhAAE="} -01330{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120469573246062,"flow_src_last_pkt_time":1120469578248603,"flow_dst_last_pkt_time":1120469573246062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469578248603,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyber?ity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01338{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120469573246062,"flow_src_last_pkt_time":1120469578248603,"flow_dst_last_pkt_time":1120469573246062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469578248603,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyber?ity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00326{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469582254242,"packet_id":25,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120469582254242} 00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469578248603,"pkt":"ADBUADRWAODtAW69CABFAAB2aZ0AAIARTbTAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5TWRrAAAhAAE="} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1120469589080368,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469589080368,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaZ4AAIARTK\/AqAECwKgB\/wCJAIkAOluxhOoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} @@ -92,7 +92,7 @@ 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469554654733,"flow_src_last_pkt_time":1120469554654733,"flow_dst_last_pkt_time":1120469554654733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469620579207,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":49973,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469632829277,"flow_src_last_pkt_time":1120469632829277,"flow_dst_last_pkt_time":1120469632829277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469632829277,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1120469632829277,"flow_dst_last_pkt_time":1120469632829277,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1120469632829277,"pkt":"ADBUADRWAODtAW69CABFAAA9aaoAAIARTbLAcgECwKgBAQqfADUAKUpe7dQBAAABgAAAUgAAA2Z0cAdlY2l0ZexlA2NvbQAAAQAB"} -01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469632829277,"flow_src_last_pkt_time":1120469632829277,"flow_dst_last_pkt_time":1120469632829277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469632829277,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ftp.ecite?e.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469632829277,"flow_src_last_pkt_time":1120469632829277,"flow_dst_last_pkt_time":1120469632829277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469632829277,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ftp.ecite?e.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469633828778,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469633828778,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469633828778,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469633828778,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1120469633828778,"pkt":"ADBUADRWEODtAW69CABFAAA9aasAAIARTbHAqAECwKgBAQqfADUAKUpe7dQBAAABAAAAAAAAA2Z0cAdlY2l0ZWxlA2NvbQAAAQAB"} 01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469633828778,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469633828778,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469633828778,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ftp.ecitele.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} @@ -126,6 +126,7 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635046983,"flow_dst_last_pkt_time":1120469635046983,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1120469635046983,"pkt":"AKrtAW69ADBUADRWCABFEAAreQ5AADkGcR2T6gH9wKgBAgAVCKDlH5a+r53DLFgYYzbRlgAAIFUKAAAA"} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635048287,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635048287,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1120469635048287,"pkt":"AODtAW69ADBUADRWCABFEABjeQ9AADkGcOST6gH9wKgBAgAVCqzlH5bBr53DLFAYYzY9pwAAIEZpbGVzIGxhcmdlciB0aGVuIDI1ME1CIHdpbGwgYmUgZGVsZXRlZCBhZnRlciA1IGRheXMgISEhDQo="} +01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635048287,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635048287,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635049544,"flow_src_last_pkt_time":1120469635049544,"flow_dst_last_pkt_time":1120469635049544,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635049544,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635049544,"flow_dst_last_pkt_time":1120469635049544,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1120469635049544,"pkt":"AODtAW69ADBUADRWCABFEAAreRJAADkGcRmT6gH9wKgBAgQVCqDlH5cvr53DLFAYYzbRJQAAIA0KAAAA"} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635052210,"flow_src_last_pkt_time":1120469635052210,"flow_dst_last_pkt_time":1120469635052210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635052210,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -194,9 +195,9 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1120469680447016,"flow_dst_last_pkt_time":1120469680447016,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469680447016,"pkt":"ADBUADRWAODtAW69CABFAABIRc8AAIARTYLAqAECwKgBAQqkJXMANFNK1tYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469681446824,"flow_src_last_pkt_time":1120469681446824,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469681446824,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1120469681446824,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469681446824,"pkt":"ADBUADRWAODtAW69CABFAABIadAAAIARTYHAqAECwKgBAQqkADUANFNK1tYBAAABAAB2AAAABF9zaXAEX3VkcAMlcwAJY3liZXJjaXR5AmRrAAAhAAE="} -01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469681446824,"flow_src_last_pkt_time":1120469681446824,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469681446824,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp._s?.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":2403,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01332{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469681446824,"flow_src_last_pkt_time":1120469681446824,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469681446824,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp._s?.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":2403,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1120469683449627,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469683449627,"pkt":"ADBUADRWAODtAW69CABFAABIYdEAAIARTYDAqAECwKgBAQqkADUANFNK1tYBAAABAAAAAAAABF9zaXAGX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAQE="} -01407{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120469681446824,"flow_src_last_pkt_time":1120469683449627,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469683449627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01415{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120469681446824,"flow_src_last_pkt_time":1120469683449627,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469683449627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469685131995,"flow_src_last_pkt_time":1120469685131995,"flow_dst_last_pkt_time":1120469685131995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469685131995,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1120469685131995,"flow_dst_last_pkt_time":1120469685131995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469685131995,"pkt":"\/\/\/\/\/\/\/\/AOB2AW69CABFAABOadMAAIARTHrAqAECwKgB\/wCJY4kAOls4hPQBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUN1NEFDQUJNAHEgAAE="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469685452600,"flow_src_last_pkt_time":1120469685452600,"flow_dst_last_pkt_time":1120469685452600,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469685452600,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.17.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -395,14 +396,14 @@ 01086{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120469956232437,"flow_src_last_pkt_time":1120469956232437,"flow_dst_last_pkt_time":1120469956233923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120469956233923,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469956945492,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469956945492,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1120469956945492,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469956945492,"pkt":"ADBUADRWAODtAW69CABFAABIakgAAIARTQnAqAECwKgBAQq0ADUANP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaSVzAGRrAAAhLwE="} -01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469956945492,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469956945492,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberci_s","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25707,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469956945492,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469956945492,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberci_s","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25707,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1120469957944384,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469957944384,"pkt":"ADBUADRWAODtAW69CABFAABIakkAAIARTQjAqAECwKgBAQq0ADUANP0xLN82AAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469957944384,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469957944384,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01338{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469957944384,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469957944384,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1120469959947225,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469959947225,"pkt":"ADBUADRWAODtAW69CABFAABIakoAAIARTQfAqAECwKgBAQq0ADUANP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469961950106,"packet_id":186,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2151,"global_ts_usec":1120469961950106} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":186,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2151,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469959947225,"pkt":"ADBUADRWAODtAW69CGdFAABIaksAAIARTQbAqAECwKgBAQq0ADUAPP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1120469965955887,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469965955887,"pkt":"ADBUADRWAODtAW69CABFAABIakwAAIARTQXAqAECwKgBAQq0ADUANP0xLN8BJXMAAAAAAAAABF9zaXAEX3VkcANzaXAJc3liZXJUaXR5AmRrAAAhAAE="} -01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469965955887,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469965955887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01442{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469965955887,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469965955887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469970215886,"flow_src_last_pkt_time":1120469970215886,"flow_dst_last_pkt_time":1120469970215886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469970215886,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1120469970215886,"flow_dst_last_pkt_time":1120469970215886,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469970215886,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOak0AAIARTADAqAECwKgB\/wCJIIkAOluRhQoBEAABAAAAAAAAIEVGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469973957831,"flow_src_last_pkt_time":1120469973957831,"flow_dst_last_pkt_time":1120469973957831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469973957831,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -484,7 +485,7 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1120470033172606,"flow_dst_last_pkt_time":1120470033172606,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470033172606,"pkt":"ADBUADRWAODtAXO9CABFAABIamkAAIDwTOjAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp18mEDbmV0AAAhAAE="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470035175480,"flow_src_last_pkt_time":1120470035175480,"flow_dst_last_pkt_time":1120470035175480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470035175480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1120470035175480,"flow_dst_last_pkt_time":1120470035175480,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470035175480,"pkt":"ADBUADRWAODtAW69CABFAABIamoAAIARTOfAqAEiwKgBAQq6ADUANMsPhMQBAAABAAAAiwAABF9zaXAEX3VkcAQlcwBwB2JyVmp1bGEDbmV0AAAhAAE="} -01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470035175480,"flow_src_last_pkt_time":1120470035175480,"flow_dst_last_pkt_time":1120470035175480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470035175480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp._s?p.brvjula.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28679,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01334{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470035175480,"flow_src_last_pkt_time":1120470035175480,"flow_dst_last_pkt_time":1120470035175480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470035175480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp._s?p.brvjula.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28679,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1120470037178362,"flow_dst_last_pkt_time":1120470032178937,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470037178362,"pkt":"ADBUADRWAODtAW69CABFAABIamsAAIARTObAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_src_last_pkt_time":1120470041184152,"flow_dst_last_pkt_time":1120470032178937,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470041184152,"pkt":"ADBUADRWAKDtAW69CABFAABIamwAAIARTOXAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469848977728,"flow_src_last_pkt_time":1120469848977728,"flow_dst_last_pkt_time":1120469848977728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470041184152,"l3_proto":"ip4","src_ip":"172.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -526,7 +527,7 @@ 01213{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470049190871,"flow_src_last_pkt_time":1120470052189909,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470052189909,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":4,"flow_src_last_pkt_time":1120470054192756,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470054192756,"pkt":"ADBUADRWADbtAW69CABFAABIanQAAIARRzjAqAECwKgBAQq8ADUANCzl\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":5,"flow_src_last_pkt_time":1120470058198554,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470058198554,"pkt":"ADBUADRWAODtAW69CABFAABIanUAAIARTNzAqAECwKgBAQq8ADUANAxC\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5Aqqqqqqqqqo="} -01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470049190871,"flow_src_last_pkt_time":1120470058198554,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470058198554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01416{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470049190871,"flow_src_last_pkt_time":1120470058198554,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470058198554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469877188186,"flow_src_last_pkt_time":1120469877188186,"flow_dst_last_pkt_time":1120469877188186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470058198554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469877188186,"flow_src_last_pkt_time":1120469877188186,"flow_dst_last_pkt_time":1120469877188186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470058198554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469864991331,"flow_src_last_pkt_time":1120469864991331,"flow_dst_last_pkt_time":1120469864991331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470058198554,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -552,7 +553,7 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_src_last_pkt_time":1120470071297608,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470071297608,"pkt":"ADBUADREAODtAW69CABFAABIan4AAIAR7NPAqAECwKgBAQq+ADUANBBXP8gBqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470066293853,"flow_src_last_pkt_time":1120470071297608,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470071297608,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.voip.brujula.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":4,"flow_src_last_pkt_time":1120470075303154,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470075303154,"pkt":"ADBUADZWAFjtAW69CABFAABIan8AAIARTNLAqAECwKgBAQq+ADUANBAIP8gBBAABAAAAAAAABF9zaXAEX3VkcAR2byVzAGJydWp1bGEDbmV0AAAhAAE="} -01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470066293853,"flow_src_last_pkt_time":1120470075303154,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470075303154,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.vo_s","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25202,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01433{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470066293853,"flow_src_last_pkt_time":1120470075303154,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470075303154,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.vo_s","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25202,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470019512857,"flow_src_last_pkt_time":1120470019512857,"flow_dst_last_pkt_time":1120470019512857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470075303154,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469970215886,"flow_src_last_pkt_time":1120469970215886,"flow_dst_last_pkt_time":1120469970215886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470075303154,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469922894014,"flow_src_last_pkt_time":1120469922894014,"flow_dst_last_pkt_time":1120469922894014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470075303154,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -566,7 +567,7 @@ 01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470083305056,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470083306558,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470083306558,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARt8vAqAEBwKgBAgA1Cr8AR+yxGsqAAAABAAEAAAAAATEBMCVzADEyNwdpbi1hZGRyBGFycGEAAAwAARoMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -01402{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470083306558,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12594,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470083306558,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12594,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 01026{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":4,"flow_src_last_pkt_time":1120470083308013,"flow_dst_last_pkt_time":1120470051405231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1120470083308013,"pkt":"ADBUADRWAODtAW69CABFAAGTaoEAAIARzJjAqAECyER4URPEE8QBf5mcQ0FOQ0VMIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANN1ZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7YnJhbmNoPXo5aEc0YktucDEwNDk4NDA1My00NGNlNGE0MTE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiAiYXJpayIgPHNpcDolcwA2NjZAdm9pcC5icnVyanVsYS5uZXQ+O3RhZz02NDMzZWY5DQpUbzogPHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubkhwPg0KQ2FsbC1JRDogMTA1MDkwMjU5LTQ0NmZhZjdhQDE5Mi4xNjguJXMADQpDU2VxOiAxIENBTkNFTA0KQ29udGVudC1MZW5ndGg6JXMACk1heC1Gb3J3YXJkczogdzANClVzZXItQWdlbnQ6IE5lcm8gU0lQUFMgSVAgUGhvbmUgVmVyc2lvbiAyLjAuNTEuMTYNCg0K"} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470083310624,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470083310624,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1120470083310624,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470083310624,"pkt":"ADBUADRWAODtAW69CABFAABIaoIAAIARTM\/AqAECwKgBAQrAADUANLk4cMwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} @@ -653,16 +654,16 @@ 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469944224630,"flow_src_last_pkt_time":1120469944224630,"flow_dst_last_pkt_time":1120469944224630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120469940218900,"flow_src_last_pkt_time":1120469948230389,"flow_dst_last_pkt_time":1120469940218900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01320{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01328{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470088311840,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00659{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":282,"packets-processed":241,"total-skipped-flows":0,"total-l4-payload-len":24511,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":70,"total-detection-updates":26,"total-updates":178,"current-active-flows":63,"total-active-flows":109,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":658,"global_ts_usec":1120470141614697} +00659{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":282,"packets-processed":241,"total-skipped-flows":0,"total-l4-payload-len":24511,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":71,"total-detection-updates":26,"total-updates":178,"current-active-flows":63,"total-active-flows":109,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":659,"global_ts_usec":1120470141614697} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470141614697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470141614697,"pkt":"ADBUADRWAODtAW69CABFAABIaqIAAIARTK\/AqAECwKgBAQrEADUANAAlcwABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrACVzAAE="} 01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470141614697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_src_last_pkt_time":1120470142609990,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470142609990,"pkt":"ADBVADRWAODtAW69CABFAABIaqMAAIARTK7AqAECwKgBAQrEADUANAARKfABVwABAAAAAAAABF\/zaXAEX3VkcANzaXAJY3liZXJjaXSSAmRrAAAhAAE="} -01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470142609990,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470142609990,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_?ip._udp.sip.cybercit?.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470142609990,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470142609990,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_?ip._udp.sip.cybercit?.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_src_last_pkt_time":1120470144612843,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470144612843,"pkt":"ADBUADRWAODtAW69CABFAABIaqQAAIARTK3AqAECwKgBAQrEADUANAARKfABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470144612843,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470144612843,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470144612843,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470144612843,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":4,"flow_src_last_pkt_time":1120470146615928,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470146615928,"pkt":"ADBUADRWAODtAW69CABFAABIaqUAAIARTKzAqAECwKgBAQrEADUANAARKfABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_src_last_pkt_time":1120470150621463,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470150621463,"pkt":"ADBUADRWAODtAW69CABFAABIaqYAAIARTKvAqAECwKgBAQrEADUANAARKfABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469970215886,"flow_src_last_pkt_time":1120469970215886,"flow_dst_last_pkt_time":1120469970215886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470150621463,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}} @@ -694,7 +695,7 @@ 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158623642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470158623642,"pkt":"ADBUADRWAODtAW69CABFAABEaqcAAIARTK7AqAECwKgBAQrFADUAMEUJ3\/AAAAABAAAAAAAAATEBdgEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158623642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470158623642,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.v.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470158625217,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CsUARyeF3\/CAAAABAAEAAAAAAXMBMAElcwAyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -01182{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470158625217,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470158625217,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 02250{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120470161396896,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1592,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470161396896,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":741823,"avg":20017986.0,"max":47494748,"stddev":22627942.0,"var":512023754440704.0,"ent":3.9,"data": [746308,47494748,744583,751092,46512252,745680,46548540,1500555,45837567,749435,751083,46756478,741823,751085,45987992,749213,47479804,47268139,749384,47257959,751080,46297871,749788,46627979,750158,751078,45907667,749430,751084,46347688,750041]},"pktlen": {"min":78,"avg":78.0,"max":78,"stddev":0.0,"var":0.0,"ent":5.0,"data": [78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78]},"bins": {"c_to_s": [0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.275660515,4.184385777,4.229382992,4.337641239,4.229382992,4.245346546,4.229382992,4.275660515,4.299727440,4.275660515,4.292109013,4.275660515,4.337901115,4.229382992,4.229382992,4.203742027,4.250019550,4.178100586,4.229382992,4.255024433,4.194064140,4.238767147,4.229382992,4.325850487,4.194064140,4.194064140,4.264408588,4.321938515,4.255024433,4.256044388,4.229382992,3.185813189]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469973959320,"flow_src_last_pkt_time":1120469973959320,"flow_dst_last_pkt_time":1120469973959320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470162147971,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469973957831,"flow_src_last_pkt_time":1120469973957831,"flow_dst_last_pkt_time":1120469973957831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470162147971,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -707,7 +708,7 @@ 00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470113337845,"flow_src_last_pkt_time":1120470121594088,"flow_dst_last_pkt_time":1120470113337845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":97,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470162147971,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470170646619,"flow_src_last_pkt_time":1120470170646619,"flow_dst_last_pkt_time":1120470170646619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470170646619,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_src_last_pkt_time":1120470170646619,"flow_dst_last_pkt_time":1120470170646619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470170646619,"pkt":"ADBUADRWAODtAW69CABFAABIaqwAAIARTKXAqAECwKgBAQpQADUANOIMR\/IBAAABAAAAAAAABKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470170646619,"flow_src_last_pkt_time":1120470170646619,"flow_dst_last_pkt_time":1120470170646619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470170646619,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01407{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470170646619,"flow_src_last_pkt_time":1120470170646619,"flow_dst_last_pkt_time":1120470170646619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470170646619,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470171641690,"flow_src_last_pkt_time":1120470171641690,"flow_dst_last_pkt_time":1120470171641690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470171641690,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1120470171641690,"flow_dst_last_pkt_time":1120470171641690,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470171641690,"pkt":"ADBUADRWAODtAW69CABFAABIaq0AAIARTKTAqAECwKgBAQrhADUANOIMR\/IBAAABAAAAAAAABF9zaXAEX3RkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470171641690,"flow_src_last_pkt_time":1120470171641690,"flow_dst_last_pkt_time":1120470171641690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470171641690,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._tdp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} @@ -725,7 +726,7 @@ 00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470117343746,"flow_src_last_pkt_time":1120470117343746,"flow_dst_last_pkt_time":1120470117343746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470015072741,"flow_src_last_pkt_time":1120470024079690,"flow_dst_last_pkt_time":1120470015072741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2744,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01320{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01328{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470088311840,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470129591869,"flow_src_last_pkt_time":1120470129591869,"flow_dst_last_pkt_time":1120470129593389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470187655341,"flow_src_last_pkt_time":1120470187655341,"flow_dst_last_pkt_time":1120470187655341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470187655341,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -772,7 +773,7 @@ 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470069294518,"flow_src_last_pkt_time":1120470069294518,"flow_dst_last_pkt_time":1120470069294518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":10942,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470100319543,"flow_src_last_pkt_time":1120470100319543,"flow_dst_last_pkt_time":1120470100321028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470113337845,"flow_src_last_pkt_time":1120470121594088,"flow_dst_last_pkt_time":1120470113337845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":97,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01221{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01105{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":3,"flow_first_seen":1120470049696866,"flow_src_last_pkt_time":1120470110894601,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":4269,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00788{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470092317681,"flow_src_last_pkt_time":1120470092317681,"flow_dst_last_pkt_time":1120470092317681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -815,9 +816,9 @@ 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470236795395,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470236795395,"pkt":"ADBUADRWAODtAW69CABFAABIaskAAIARTIjAqAECqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_src_last_pkt_time":1120470238798300,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470238798300,"pkt":"ADBUADRWAODtAW69CABFAABIasoAAIARTIfAqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzDXAJY0liZXJjaXR5AmRrAAAhAAE="} -01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470238798300,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470238798300,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.s?p.cibercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470238798300,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470238798300,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.s?p.cibercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":4,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470242804255,"pkt":"ADBUADRWAODtAW69CABFAABIassAAIARTIbAqAECwKgBAQrMADUANEn9qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -01512{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01520{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049185972,"flow_src_last_pkt_time":1120470049185972,"flow_dst_last_pkt_time":1120470049185972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"67.168.1.1","src_port":2747,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470032178937,"flow_src_last_pkt_time":1120470041184152,"flow_dst_last_pkt_time":1120470032178937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049187466,"flow_src_last_pkt_time":1120470049187466,"flow_dst_last_pkt_time":1120470049187466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} @@ -825,7 +826,7 @@ 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470117343746,"flow_src_last_pkt_time":1120470117343746,"flow_dst_last_pkt_time":1120470117343746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01320{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01328{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470088311840,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470129591869,"flow_src_last_pkt_time":1120470129591869,"flow_dst_last_pkt_time":1120470129593389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470150621463,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -863,7 +864,7 @@ 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470086308978,"flow_src_last_pkt_time":1120470086308978,"flow_dst_last_pkt_time":1120470086308978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470100319543,"flow_src_last_pkt_time":1120470100319543,"flow_dst_last_pkt_time":1120470100321028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470113337845,"flow_src_last_pkt_time":1120470121594088,"flow_dst_last_pkt_time":1120470113337845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":97,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01221{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470202676324,"flow_src_last_pkt_time":1120470208684923,"flow_dst_last_pkt_time":1120470202676324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":3,"flow_first_seen":1120470049696866,"flow_src_last_pkt_time":1120470110894601,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":4269,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00788{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470092317681,"flow_src_last_pkt_time":1120470092317681,"flow_dst_last_pkt_time":1120470092317681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -888,7 +889,7 @@ 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470084827100,"flow_src_last_pkt_time":1120470084827100,"flow_dst_last_pkt_time":1120470084827100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470085969731,"flow_src_last_pkt_time":1120470085969731,"flow_dst_last_pkt_time":1120470085969731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":265,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470086308978,"flow_src_last_pkt_time":1120470086308978,"flow_dst_last_pkt_time":1120470086308978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01318{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01326{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470088311840,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470092317681,"flow_src_last_pkt_time":1120470092317681,"flow_dst_last_pkt_time":1120470092317681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -910,7 +911,7 @@ 01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470098867648,"flow_src_last_pkt_time":1120470098867648,"flow_dst_last_pkt_time":1120470098867648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233792936,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01420{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01428{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470298331768,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470298331768} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470284937812,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470299325295,"packet_id":358,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_usec":1120470299325295} @@ -938,7 +939,7 @@ 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470259918614,"flow_src_last_pkt_time":1120470259918614,"flow_dst_last_pkt_time":1120470259918614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470129591869,"flow_src_last_pkt_time":1120470129591869,"flow_dst_last_pkt_time":1120470129593389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470150621463,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01221{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470175647445,"flow_src_last_pkt_time":1120470179653185,"flow_dst_last_pkt_time":1120470175647445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470187655341,"flow_src_last_pkt_time":1120470187655341,"flow_dst_last_pkt_time":1120470187655341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470202676324,"flow_src_last_pkt_time":1120470208684923,"flow_dst_last_pkt_time":1120470202676324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -964,16 +965,16 @@ 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470267925643,"flow_src_last_pkt_time":1120470276933108,"flow_dst_last_pkt_time":1120470267925643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470315653366,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470327552269,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470327552269,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_src_last_pkt_time":1120470327552269,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470327552269,"pkt":"ADBUOzRWAODtAW69CABFAABIau8AAIARTGLAqAECwKgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY6qqqqqqqqqqqqqqqqqqqqo="} -01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470327552269,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470327552269,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01407{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470327552269,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470327552269,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_src_last_pkt_time":1120470328547303,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470328547303,"pkt":"ADBUADRWAODtAW69CABFQABIavAAAIARTGHAqAECwKgBAQrUADUANIwPneEBAACQAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01407{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470328547303,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470328547303,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01415{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470328547303,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470328547303,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_src_last_pkt_time":1120470330550185,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470330550185,"pkt":"ADBUADRWAODtAW69CABFAABIavEAAIARTGDAqAECwKgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAAX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01416{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470330550185,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470330550185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":24437,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01424{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470330550185,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470330550185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":24437,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470332553067,"flow_src_last_pkt_time":1120470332553067,"flow_dst_last_pkt_time":1120470332553067,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470332553067,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_src_last_pkt_time":1120470332553067,"flow_dst_last_pkt_time":1120470332553067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470332553067,"pkt":"ADBUADRWAODtAW69CABFAABIavIAAIARTF\/AqAECwLgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470332553067,"flow_src_last_pkt_time":1120470332553067,"flow_dst_last_pkt_time":1120470332553067,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470332553067,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":4,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470336558847,"pkt":"ADBUADRWAODtAW5yCABFAABIavMAAIARTF7AqAECwKgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAlcwBibXJjaXR5AmRrAAAhAAE="} -01412{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25197,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01420{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25197,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470150621463,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470272927556,"flow_src_last_pkt_time":1120470272927556,"flow_dst_last_pkt_time":1120470272927556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -982,7 +983,7 @@ 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470216686822,"flow_src_last_pkt_time":1120470216686822,"flow_dst_last_pkt_time":1120470216688322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470216783289,"flow_src_last_pkt_time":1120470219780912,"flow_dst_last_pkt_time":1120470216783289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233792936,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01420{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01428{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470270925077,"flow_src_last_pkt_time":1120470270925077,"flow_dst_last_pkt_time":1120470270925077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470284935173,"flow_src_last_pkt_time":1120470284935173,"flow_dst_last_pkt_time":1120470284935173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470171641690,"flow_src_last_pkt_time":1120470171641690,"flow_dst_last_pkt_time":1120470171641690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -993,7 +994,7 @@ 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470344562295,"packet_id":377,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470344562295} 00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":377,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470344560828,"pkt":"AODtAW69ADBUADRWCABFAABbAACGAEARtz7AqAEBwKgBAgA1CtUAR5KDdOKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470170646619,"flow_src_last_pkt_time":1120470170646619,"flow_dst_last_pkt_time":1120470170646619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01219{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470171641690,"flow_src_last_pkt_time":1120470171641690,"flow_dst_last_pkt_time":1120470171641690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470187656855,"flow_src_last_pkt_time":1120470187656855,"flow_dst_last_pkt_time":1120470187656855,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":71,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":71,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":71,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":5} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470304312412,"flow_src_last_pkt_time":1120470304312412,"flow_dst_last_pkt_time":1120470304312412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} @@ -1016,12 +1017,12 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_src_last_pkt_time":1120470357579070,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470357579070,"pkt":"ADBUADRWAODtAW69CABFAABIavoAAIARTFfAqAECwKgBAQrWADUANFcM0uIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470357579070,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470357579070,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_src_last_pkt_time":1120470359581956,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470359581956,"pkt":"ADBUADTdAODtAW69CABFSQBIavMAAIARTFbAqAECwKgBAQrWADUANFcM0uIBAAABAAAAAAAABF9zaXAEX3VkcAxzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01409{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470359581956,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470359581956,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01417{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470359581956,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470359581956,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470361584807,"flow_src_last_pkt_time":1120470361584807,"flow_dst_last_pkt_time":1120470361584807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470361584807,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_src_last_pkt_time":1120470361584807,"flow_dst_last_pkt_time":1120470361584807,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470361584807,"pkt":"ADBUAEtWAODtAW69CABFAABIavwAAIARTFXAqAkCwKgBAQrWADUANFcM2uIBAAAAAAAAJXMABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470361584807,"flow_src_last_pkt_time":1120470361584807,"flow_dst_last_pkt_time":1120470361584807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470361584807,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":4,"flow_src_last_pkt_time":1120470365590672,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470365590672,"pkt":"ADBUADRWAODtAW69CABFAABIav0AAIARTFTAqAECwKgBAQrWADUANFcM0uIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01435{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470365590672,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01443{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470365590672,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 01293{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470173644568,"flow_src_last_pkt_time":1120470173644568,"flow_dst_last_pkt_time":1120470173644568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470173644568,"flow_src_last_pkt_time":1120470173644568,"flow_dst_last_pkt_time":1120470173644568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470175647445,"flow_src_last_pkt_time":1120470179653185,"flow_dst_last_pkt_time":1120470175647445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1032,20 +1033,20 @@ 01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315340201,"flow_src_last_pkt_time":1120470315340201,"flow_dst_last_pkt_time":1120470315340201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373592474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470373592474,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373592474,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470373592474,"pkt":"ADBUADRWAODtAW69CABFAABEav4AAIARTFfAqAECwKgBAQrXADUAMHoFquIAAAABAAAAAAAIATEBMAEwAzEyNwdpbi1hUWSWBGFycGEAAAwAAQ=="} -01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373592474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470373592474,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-aqd?.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373592474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470373592474,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-aqd?.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470373593968,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CtcAR1yBquKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470373593968,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} +01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470373593968,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470187655341,"flow_src_last_pkt_time":1120470187655341,"flow_dst_last_pkt_time":1120470187655341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470373595117,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470373595117,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470385615843,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470385615843,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_src_last_pkt_time":1120470385615843,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470385615843,"pkt":"ADBUADRWAODtAW69CABFAABIawQAAIARTE3AqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470385615843,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470385615843,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_src_last_pkt_time":1120470386610998,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470386610998,"pkt":"ADBUADRWAODtAW69CABFAABIawUAAKARTEzAqAECwKgBAQrYADUANEcJLuMBAAABAAAAAAAABV9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470386610998,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470386610998,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01416{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470386610998,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470386610998,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470388613748,"packet_id":392,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470388613748} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470386610998,"pkt":"ADBUADSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_src_last_pkt_time":1120470390616811,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470390616811,"pkt":"ADBUADRWAODtAW69CABFAABIawsAAIARTEbAqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01435{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470390616811,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470390616811,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01443{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470390616811,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470390616811,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":4,"flow_src_last_pkt_time":1120470394622318,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470394622318,"pkt":"ADBUADRWAODtAW69CABFAABIayAAAIARTDHAqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 01289{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470200673416,"flow_src_last_pkt_time":1120470200673416,"flow_dst_last_pkt_time":1120470200673416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470200673416,"flow_src_last_pkt_time":1120470200673416,"flow_dst_last_pkt_time":1120470200673416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1055,7 +1056,7 @@ 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470216686822,"flow_src_last_pkt_time":1120470216686822,"flow_dst_last_pkt_time":1120470216688322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470216783289,"flow_src_last_pkt_time":1120470219780912,"flow_dst_last_pkt_time":1120470216783289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233792936,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01420{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01428{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470270925077,"flow_src_last_pkt_time":1120470270925077,"flow_dst_last_pkt_time":1120470270925077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470284935173,"flow_src_last_pkt_time":1120470284935173,"flow_dst_last_pkt_time":1120470284935173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470332553067,"flow_src_last_pkt_time":1120470332553067,"flow_dst_last_pkt_time":1120470332553067,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1100,7 +1101,7 @@ 01008{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233792936,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01418{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01426{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470267920560,"flow_src_last_pkt_time":1120470267920560,"flow_dst_last_pkt_time":1120470267922044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470267925643,"flow_src_last_pkt_time":1120470276933108,"flow_dst_last_pkt_time":1120470267925643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1108,7 +1109,7 @@ 01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315340201,"flow_src_last_pkt_time":1120470315340201,"flow_dst_last_pkt_time":1120470315340201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470361584807,"flow_src_last_pkt_time":1120470361584807,"flow_dst_last_pkt_time":1120470361584807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431656040,"flow_src_last_pkt_time":1120470431656040,"flow_dst_last_pkt_time":1120470431656040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470431656040,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_src_last_pkt_time":1120470431656040,"flow_dst_last_pkt_time":1120470431656040,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470431656040,"pkt":"ADBUADRWAODtAW69CABFAABEa08AAIARTAbAqAECwKgBAQrgADUAMIb5neUAAAABAAAAAAAAATEBMAEwJXMANwdpbi1hZGRyqqqqqqqqqqqqqg=="} 01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431656040,"flow_src_last_pkt_time":1120470431656040,"flow_dst_last_pkt_time":1120470431656040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470431656040,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":14087,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} @@ -1154,7 +1155,7 @@ 01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402625817,"flow_src_last_pkt_time":1120470402625817,"flow_dst_last_pkt_time":1120470402625817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470448149289,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456151196,"flow_src_last_pkt_time":1120470456151196,"flow_dst_last_pkt_time":1120470456151196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456151196,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":1120470456151196,"flow_dst_last_pkt_time":1120470456151196,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470456151196,"pkt":"ADBUADRWAODtAW69CABFAABEa1kAAIARS\/zAqAECwKgBAwriADUAMED14+cAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZKxyBGFycGEAAAwAAQ=="} -01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456151196,"flow_src_last_pkt_time":1120470456151196,"flow_dst_last_pkt_time":1120470456151196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456151196,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-ad?r.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456151196,"flow_src_last_pkt_time":1120470456151196,"flow_dst_last_pkt_time":1120470456151196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456151196,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-ad?r.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470456152669,"packet_id":420,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470456152669} 00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":420,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470456151196,"pkt":"AODtAW69ADBUADRWCABFAABbAABACEARtz7AqAEBwKgBAgA1CuIARyNx4+eAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456286438,"flow_src_last_pkt_time":1120470456286438,"flow_dst_last_pkt_time":1120470456286438,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456286438,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1164,12 +1165,12 @@ 01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456513142,"flow_src_last_pkt_time":1120470456513142,"flow_dst_last_pkt_time":1120470456513142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456513142,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470457512769,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470457512769,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_src_last_pkt_time":1120470457512769,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470457512769,"pkt":"ADBUADRWAODtAW69CABFAABIa1wAAIARS\/XAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABFtzaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470457512769,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470457512769,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470457512769,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470457512769,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":2,"flow_src_last_pkt_time":1120470459516362,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470459516362,"pkt":"ADBUAjRWAODtAW69CABFAABIa10AAIARS\/TAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":3,"flow_src_last_pkt_time":1120470461518537,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470461518537,"pkt":"ADBUADRWAODtAW69CABFAABIa14AAFMRS\/PAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABF9zaXAEX3VkcAPDaXAJa3liZXJtaXR5AmRrAAAhAAE="} -01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470461518537,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470461518537,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.?ip.kybermity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470461518537,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470461518537,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.?ip.kybermity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":4,"flow_src_last_pkt_time":1120470465524315,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470465524315,"pkt":"ADBUADRWAODtAW69CABFAABIaV8AAIARS\/LAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470465524315,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470465524315,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470465524315,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470465524315,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00998{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470272927556,"flow_src_last_pkt_time":1120470272927556,"flow_dst_last_pkt_time":1120470272927556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470465524315,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470272927556,"flow_src_last_pkt_time":1120470272927556,"flow_dst_last_pkt_time":1120470272927556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470465524315,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470270925077,"flow_src_last_pkt_time":1120470270925077,"flow_dst_last_pkt_time":1120470270925077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470465524315,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1205,7 +1206,7 @@ 01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315340201,"flow_src_last_pkt_time":1120470315340201,"flow_dst_last_pkt_time":1120470315340201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470361584807,"flow_src_last_pkt_time":1120470361584807,"flow_dst_last_pkt_time":1120470361584807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431656040,"flow_src_last_pkt_time":1120470431656040,"flow_dst_last_pkt_time":1120470431656040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431657512,"flow_src_last_pkt_time":1120470431657512,"flow_dst_last_pkt_time":1120470431657512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470490640835,"flow_src_last_pkt_time":1120470490640835,"flow_dst_last_pkt_time":1120470490640835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470490640835,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1251,13 +1252,13 @@ 00794{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470447197884,"flow_src_last_pkt_time":1120470447197884,"flow_dst_last_pkt_time":1120470447197884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470496048179,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":35721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470501450887,"flow_src_last_pkt_time":1120470501450887,"flow_dst_last_pkt_time":1120470501450887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470501450887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1120470501450887,"flow_dst_last_pkt_time":1120470501450887,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470501450887,"pkt":"ADBUADRWAODtAW69CABFAABIa3QAAIARS93AqAECwKhDAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaSVzAHliZXJjaaqqqqqqqqqqqqo="} -01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470501450887,"flow_src_last_pkt_time":1120470501450887,"flow_dst_last_pkt_time":1120470501450887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470501450887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":31074,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01412{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470501450887,"flow_src_last_pkt_time":1120470501450887,"flow_dst_last_pkt_time":1120470501450887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470501450887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":31074,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509447840,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509447840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470509447840,"pkt":"ADBUADRWAODtAW69CABFAABEeHUAAIARS+DAqAECwKgBAQroADUAMOPqQOwAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509447840,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509447840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509449334,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470509449334,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEB8KgBAgA1CugAR8ZmQOyAAABkAAEAAAAAATEBMAEwAzEyNwdpbi1hGmRyBGFycGEAAFcAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509449334,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-a?dr.arpa","dns": {"num_queries":100,"num_answers":1,"reply_code":0,"query_type":87,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509449334,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-a?dr.arpa","dns": {"num_queries":100,"num_answers":1,"reply_code":0,"query_type":87,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00328{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470509599796,"packet_id":454,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_usec":1120470509599796} 01017{"packet_event_id":1,"packet_event_name":"packet","packet_id":454,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"thread_ts_usec":1120470509450894,"pkt":"AODtAW69ADBUADRWCABFAEMGAABAADcRiifU8iEjwKgBAhPEE8QB8vKXU0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDc5IFJFR0lTVEVSDQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz0zNzBkOGU1DQpUbzogPHNpcDozNTEwNDcyM2pzaXAuY3liZSljaXR5LmRrPjt0YWc9MDAtMDQwODMtMTcwMWI2ZGQtMDUxZjVkYzMxDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNo4uMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTUuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wNTc3MjYxOTctNDg0MWM3Y2QxOTIuMTY4LjEuMvQKV1dXLUF1dGhlbnRpY2F0ZTogRGlnZXN0IHJlYWxtPSJzaXAuY3lzZXJjaXR5LmRrIixub25jZT0iMTcwMWI2Y2MxY2JjOTBkMzI4ZmUxZjFhMzFhMmM0ZSIsb3BhcXVlPSIxNzAxYTEzNTFmNzA3OTUiLHN0YWxlPWZhbHNlLGFsZ29yaXRobT1NRDUNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470187656855,"flow_src_last_pkt_time":1120470187656855,"flow_dst_last_pkt_time":1120470440137922,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":71,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":71,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":71,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1120470509450894,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":5} @@ -1277,7 +1278,7 @@ 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402627133,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470419648352,"flow_src_last_pkt_time":1120470419648352,"flow_dst_last_pkt_time":1120470419648352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470365590672,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470394622318,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470494127462,"flow_src_last_pkt_time":1120470494127462,"flow_dst_last_pkt_time":1120470494127462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402624214,"flow_src_last_pkt_time":1120470402624214,"flow_dst_last_pkt_time":1120470402624214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1303,7 +1304,7 @@ 01068{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402627133,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402627133,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470365590672,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470394622318,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402625817,"flow_src_last_pkt_time":1120470402625817,"flow_dst_last_pkt_time":1120470402625817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402624214,"flow_src_last_pkt_time":1120470402624214,"flow_dst_last_pkt_time":1120470402624214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1331,7 +1332,7 @@ 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470492042418,"flow_src_last_pkt_time":1120470492042418,"flow_dst_last_pkt_time":1120470492042418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509447840,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470444143597,"flow_src_last_pkt_time":1120470444143597,"flow_dst_last_pkt_time":1120470444143597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01211{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01219{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00794{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470447197884,"flow_src_last_pkt_time":1120470447197884,"flow_dst_last_pkt_time":1120470447197884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":35721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470114910372,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470114910372,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":5} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470636050780,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120470636050780} @@ -1369,7 +1370,7 @@ 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470501450887,"flow_src_last_pkt_time":1120470501450887,"flow_dst_last_pkt_time":1120470501450887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470492042418,"flow_src_last_pkt_time":1120470492042418,"flow_dst_last_pkt_time":1120470492042418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509447840,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01211{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01219{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00766{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120469635127552,"flow_src_last_pkt_time":1120470284937812,"flow_dst_last_pkt_time":1120469635127552,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":5} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470657808784,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470657808784,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":1120470657808784,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1120470657808784,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXL8AAIARWOvAqAEpwKgB\/wCKAIoAtl+xEQKRTcCoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAABgAAAAAAAAAAAOgDAAAAAAAAAAAGAMEAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTYAAAA"} @@ -1420,7 +1421,7 @@ 01106{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470588783128,"flow_src_last_pkt_time":1120470588783128,"flow_dst_last_pkt_time":1120470588783128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470685610738,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01114{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":24,"flow_first_seen":1120469572981006,"flow_src_last_pkt_time":1120470268128176,"flow_dst_last_pkt_time":1120470509450894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":306,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":593,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":4595,"flow_dst_tot_l4_payload_len":7399,"midstream":0,"thread_ts_usec":1120470685610738,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509447840,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470685610738,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01211{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470685610738,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01219{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470685610738,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470717078746,"flow_src_last_pkt_time":1120470717078746,"flow_dst_last_pkt_time":1120470717078746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470717078746,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1120470717078746,"flow_dst_last_pkt_time":1120470717078746,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1120470717078746,"pkt":"ADBUADRWAODtAW69CABFAAFIa4cAAIARSsrAqAECwKgBAQBEAEMBNA+RAQEGAAZtDDgAAAAAwKgBAgAAAAAAAAAAAAAAAN\/g7QFuvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUAAAAAAAAAAAAAAAAAAAAAYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANABjglNjNQEDPQcBAODtAW69DAdkMDAyNDY1UQsAAABkMDAyNDY1LjwITVNGVCA1LjA3CgEPAwYsLi8fISv\/AAAA"} 01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470717078746,"flow_src_last_pkt_time":1120470717078746,"flow_dst_last_pkt_time":1120470717078746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470717078746,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"d002465","dhcp": {"fingerprint":"1,15,3,6,44,46,47,31,33,43","class_ident":"MSFT 5.0"}}} @@ -1429,7 +1430,7 @@ 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1120470721915224,"flow_dst_last_pkt_time":1120470721915224,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1120470721915224,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADlXM4AAIARWMHAqAEpwKgB\/wCKAYoA0YerEQJM2MCoASkAigC7AAAghU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAABGAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XbkUAAQCA\/AoATEFCMTExAAAAAAAAAAAAAAUBAxAAAA8BVaoA"} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":24,"flow_first_seen":1120469572981006,"flow_src_last_pkt_time":1120470268128176,"flow_dst_last_pkt_time":1120470509450894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":306,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":593,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":4595,"flow_dst_tot_l4_payload_len":7399,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509447840,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01209{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00973{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470114910372,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470114910372,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00761{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470114910372,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470114910372,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":5} 00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470659308076,"flow_src_last_pkt_time":1120470659308076,"flow_dst_last_pkt_time":1120470659308076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} @@ -1443,16 +1444,16 @@ 01106{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470588783128,"flow_src_last_pkt_time":1120470588783128,"flow_dst_last_pkt_time":1120470588783128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470685610738,"flow_src_last_pkt_time":1120470685610738,"flow_dst_last_pkt_time":1120470685610738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470684859655,"flow_src_last_pkt_time":1120470684859655,"flow_dst_last_pkt_time":1120470684859655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00664{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":490,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":39786,"total-not-detected-flows":16,"total-guessed-flows":10,"total-detected-flows":134,"total-detection-updates":55,"total-updates":489,"current-active-flows":40,"total-active-flows":189,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1446,"global_ts_usec":1120470764674629} +00664{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":490,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":39786,"total-not-detected-flows":16,"total-guessed-flows":10,"total-detected-flows":135,"total-detection-updates":55,"total-updates":489,"current-active-flows":40,"total-active-flows":189,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1447,"global_ts_usec":1120470764674629} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470764674629,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470764674629,"pkt":"ADBUADRWQODtAW69CABFAAA+a48AAIARS8zAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlLQhzaXBwc3RhcgNjb20AAAEAAQ=="} 01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470764674629,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"re-.sippstar.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470765675908,"pkt":"AEtUADRWAODtAW69CABFAAA+a5AAAIARS8vAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXC6c3RhcgNjb20AAAEAAQ=="} -01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470765675908,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"reg.sip?star.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470765675908,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"reg.sip?star.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470767678785,"packet_id":492,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_usec":1120470767678785} 00407{"packet_event_id":1,"packet_event_name":"packet","packet_id":492,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1120470765675908,"pkt":"ADBUADRWAODtAW69CABFAAA+a5EABGQRS8rAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXBwc3RhcgNjb20AAAEAAQ=="} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1120470768028248,"pkt":"AODtAW69ADBUADRWCABFAACbAABAAGcRtv7AqAEBwKgBAgA1CukAh65F6OyBgAABAAEAAgACA3JlZwhzaXBwc3RhcgNjb20AAAEAAcAMAAEAAQAAAlgABFJi0SfAEAACAAEAAAJYAA8CbnMGaHNwZWVkA25ldADAEAACAAEAAAJYAAYDbnMzwEHAPgABAAEAAAUPAAQ+XcA7wFkAAQABAAAFDwAE1d1SAg=="} -01219{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470768028248,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"reg.sippstar.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.98.209.39"}}} +01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470768028248,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"reg.sippstar.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.98.209.39"}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470774132541,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470774132541,"pkt":"ADBUADRWAODtAW69CABFAAA+a5IAAIARS8nAqAECwKhsAQrqADUAKnjTXO4BAAABAAAAAHEAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470774132541,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} @@ -1486,11 +1487,11 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":1120470779487018,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470779487018,"pkt":"ADBUADRWAODtAW69CABFAABIa5kAAIARS7jAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AkFrAAAhAAE="} 01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470779487018,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470779487018,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.ak","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_src_last_pkt_time":1120470780685398,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470780685398,"pkt":"ADBUADRWAODtAW69CABFAABIa5oAAIARS7fAqAECwKgBAQrsADUANNbHUxEBAAABrQAAAAAABDtzaXAEX3VkcANzaXAJqqqqqqqqqqqqqqqqqqqqqqo="} -01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470780685398,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470780685398,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01416{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470780685398,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470780685398,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470781608802,"flow_src_last_pkt_time":1120470781608802,"flow_dst_last_pkt_time":1120470781608802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470781608802,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1120470781608802,"flow_dst_last_pkt_time":1120470781608802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470781608802,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa5wAAIARSrHAqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":3,"flow_src_last_pkt_time":1120470782692043,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470782692043,"pkt":"ADBUADRWAODtAW69CABFAABIa54AAIARS7PAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01435{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470782692043,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470782692043,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01443{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470782692043,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470782692043,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470784796360,"packet_id":511,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470784796360} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":511,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470782692043,"pkt":"ADBUADRWAODtAW69CABFAAB6a58AAIARS7LAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAAJF9zaXAEX3VkcANzaXAJeXliZXJjaXR5AmRrAAAhAAE="} 00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120470782359884,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2842,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470782692043,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} @@ -1501,9 +1502,9 @@ 01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470788806482,"flow_src_last_pkt_time":1120470788806482,"flow_dst_last_pkt_time":1120470788806482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470788806482,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796801135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796801135,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796801135,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470796801135,"pkt":"ADBUADRWAODtAW69CABFAABEa6EAAIARS7TAqAECwKgBAQrtADUAMFm\/yxIAAAABAAAAQAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycFwAAAwAAQ=="} -01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796801135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796801135,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arp_","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796801135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796801135,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arp_","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470796802602,"pkt":"AODtAW69ADBUADRWCABFiQBbAABAAEARtz7AqAEBwKgBAgA1Cu0ARzw7yxKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -01087{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470796802602,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} +01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470796802602,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1120470796804243,"flow_dst_last_pkt_time":1120469635127552,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":508,"pkt_l4_len":474,"thread_ts_usec":1120470796804243,"pkt":"ADBUADRWAODtAW69CABFAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":482,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":482,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":482,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01172{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"thread_ts_usec":1120470796941095,"pkt":"AODtAW69ADBUADRWCABFAAH+AABAADcRii\/U8iEjwKgBAhPEE8QB6uoyU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMg0KQ1NlcTogMSBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MWI4OWJjZA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDcyLTE3MDFiOTQxLTc3OTk0NTg0Mw0iVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmPYPWM5aEc0YktucCVzADc0Njg2LTQ1NWRiYmQ5MTkyLjE2OC4xLjINCldXYy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9uY2U9IjE3MDFiOTMzM2U4NzEzMmUxZjc0N2M1MDcyNjNkOTMiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG09TUQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="} @@ -1530,11 +1531,11 @@ 01435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":2,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470814189540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_usec":1120470814189540,"pkt":"ADBUADRWAODtAW69CABFAALDa6kAAIARFMHAqAEC1PIhIxPEE8QCr1LWUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjcxMTExNzUtNDMzMGM5ZDYxOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTlkYjMxNg0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz6GCkNhbGwtSUQ6IHI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwXzcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzRzM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDIgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpBdXRob3JpemF0aW9uOiBEaWdlc3QgdXNlcm5hbWU9InZvaTE4MDYyIixyZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsdXJpPSJzaXA6MTkyLjE2OC4xLjIiLG5vbmNlPSIxNzAxYjkzMzNlODcxMzJlN2Y3NDdjNTA3MjYzZDkzIixvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsbmM9IhIwMDAwMDAxIixyZXNwb25zZT0iMGRmOTZlYjUyOGJiNjMwYTE2ZmQwMjUyNjE4Y2YzY2IiDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQoNCg=="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814334275,"flow_src_last_pkt_time":1120470814334275,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470814334275,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_src_last_pkt_time":1120470814334275,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470814334275,"pkt":"ADBUADRWAODtAW69CABFAABIa6oAAIARS6fAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zxXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814334275,"flow_src_last_pkt_time":1120470814334275,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470814334275,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_s?p._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814334275,"flow_src_last_pkt_time":1120470814334275,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470814334275,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_s?p._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00931{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":3,"flow_src_last_pkt_time":1120470814336427,"flow_dst_last_pkt_time":1120470814189540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1120470814336427,"pkt":"AODtAW69ADBUAFpWCABFAAFKAABAADcRiuPU8iEjwKgBAhPEE8QBNvufU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1YjA1MS00NjViMDdiMg0KQ1NlcTogMiBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWdLMTlkYjMxNg0KVG86IDxzaXA6MzUxMDQ3MjNAc2lyLmN5YmVyY2l0eWtkaz4NClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLm4xOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAyNzExMTE3NS00MzMwYzlkNjE5Mi4xNjguMS4yDQpDb250ZW50LUxlbmd0aDogMA0KDQo="} 01155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":4,"flow_src_last_pkt_time":1120470814349707,"flow_dst_last_pkt_time":1120470814189540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":511,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":511,"pkt_l4_len":477,"thread_ts_usec":1120470814349707,"pkt":"AODtAW69ADBUADRWCABFAAHxAABAADcRijzU8iEjwKgBAhPEE8QB3VzrU0lQLzIuMCAyMDAgT0sNCkNhbGwtSUQ6IEg5ODU4MTQ3LTQ2NWIwNzcyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWw8c2lwOjM1MTA0NzIzQDE5Mi4xNjguMS4yOjUwNjA7bGluZT03ZDM2NTU4ZjMxMzY3MDUxPjtxPTAuNTAwO2V4cGlyZXM9MTIwMA0KQ1NlcTogMiAvRUdJU6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_src_last_pkt_time":1120470815395587,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470815395587,"pkt":"ADBUADRWAODtAW69CABFAABIa6sAAIARS6bAqAECwKgBAQrwADUASDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470814334275,"flow_src_last_pkt_time":1120470815395587,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470815395587,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470814334275,"flow_src_last_pkt_time":1120470815395587,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470815395587,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_src_last_pkt_time":1120470817390327,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470817390327,"pkt":"ADBUADRWAODtAW69CABFAABIa6wAAIARS6XAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470819393226,"flow_src_last_pkt_time":1120470819393226,"flow_dst_last_pkt_time":1120470819393226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_src_last_pkt_time":1120470819393226,"flow_dst_last_pkt_time":1120470819393226,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":17,"thread_ts_usec":1120470819393226,"pkt":"ADBUADRWAODtAW69CABFAAAlcwAAAIARS6TAqAECwKgBAQrwABUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3libXJjaXR5AmRrAAAhAAE="} @@ -1549,13 +1550,13 @@ 00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1120470658556995,"flow_src_last_pkt_time":1120470672075726,"flow_dst_last_pkt_time":1120470658556995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470721915224,"flow_src_last_pkt_time":1120470721915224,"flow_dst_last_pkt_time":1120470721915224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01120{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831400867,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470831400867,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831400867,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470831400867,"pkt":"ADBUADRWAODtAW69CABFAABEa7IAAIARS6PAqAECwKgBAQrxADUAMKq2ehcAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAQAwAAQ=="} 01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831400867,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470831400867,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":2,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470831402371,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvEAR40yeheAAAABAAEAAAAAATEBMCVzADEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470831402371,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470831402371,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831403943,"flow_src_last_pkt_time":1120470831403943,"flow_dst_last_pkt_time":1120470831403943,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":474,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":474,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470831403943,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","l4_proto":0,"flow_datalink":1,"flow_max_packets":5} 01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_src_last_pkt_time":1120470831403943,"flow_dst_last_pkt_time":1120470831403943,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":508,"pkt_l4_len":474,"thread_ts_usec":1120470831403943,"pkt":"ADBUADRWAODtAW69CABFAAHua7MAJXMAFYzAqAEC1PIhIxPEE8QB2oO4UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjY5MzY5tDUtNDc5ZTgzZjExOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTliMDYxNA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz4NCkNhbGwtSUQ6IDI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwNDcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzMTM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDMgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb2wgMi4wLjUxLjE2DQoNCg=="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831516024,"flow_src_last_pkt_time":1120470831516024,"flow_dst_last_pkt_time":1120470831516024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470831516024,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1589,16 +1590,16 @@ 00307{"error_event_id":2,"error_event_name":"Unknown L3 protocol","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470848686860,"packet_id":551,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120470848686860} 00818{"packet_event_id":1,"packet_event_name":"packet","packet_id":551,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":382,"pkt_l4_len":0,"thread_ts_usec":1120470848682926,"pkt":"ADBUADRWAODtAW69CAA\/AAFwa7wAAIARFgHAeQEC1PIhIxPEE8QBXMMEQUNLIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KRnJvbTogImFyaWsiIDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTE3NWExZGQNbENhbGwtSUQ6IDI0NDg3MzkxLTQ0OWJmMmEwQDE5Mi4xNjguMS4yDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yOjUwNjA7YnJhbmNoPXo5aEc0YktucDI0NDY2NDAyLTQ1ZGM2MWQ1MTkyLjE2OC4xLjI7cnBvcnQNClRvOiA8c2lwOjAwOTcyMzkyODcwNDRAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTBMLTA0JXMALTE3MDFiOWEwLTEzYzkyYTY3Mg0KQ1NlcTogMSBBQ0sNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_src_last_pkt_time":1120470849636660,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470849636660,"pkt":"ADBUADRWAODtAW69CABFAABIa70AAIARS5TAqAECwKgBAQr0ADUANOq3JXMAAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj6XR5AmRrAAAhAAE="} -01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470849636660,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberc?ty.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470849636660,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberc?ty.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470659308076,"flow_src_last_pkt_time":1120470659308076,"flow_dst_last_pkt_time":1120470659308076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470662062211,"flow_src_last_pkt_time":1120470662062211,"flow_dst_last_pkt_time":1120470662062211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808829,"flow_src_last_pkt_time":1120470657808829,"flow_dst_last_pkt_time":1120470657808829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120470848682926,"flow_dst_last_pkt_time":1120470848528833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":302,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":593,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":2328,"flow_dst_tot_l4_payload_len":1504,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470798172728,"flow_src_last_pkt_time":1120470806184239,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":3,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470851639615,"pkt":"ADBUADRWAODtAW69CABFAABIa74AAIARS5PAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470851639615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470851639615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470853642421,"packet_id":554,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2136,"global_ts_usec":1120470853642421} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":554,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470851639615,"pkt":"ADBUADRWAODtAW69CFhFAABIa78AAIARS5LAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAET3VkcANzaXAJY3liZXJjaXR5AuRrAFchAAE="} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470857648279,"packet_id":555,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470857648279} @@ -1611,15 +1612,15 @@ 01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865651601,"flow_src_last_pkt_time":1120470865651601,"flow_dst_last_pkt_time":1120470865651601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865651601,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470865712571,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865712571,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_src_last_pkt_time":1120470865712571,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470865712571,"pkt":"ADBUADRWAODtAW69CABFAABIa8cAAIARS4rAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaU0EX3VkcANzaXAJY3tiZXJbaXRNAmRrAAAhAAE="} -01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470865712571,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865712571,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sim._udp.sip.c_ber_itm.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470865712571,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865712571,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sim._udp.sip.c_ber_itm.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":2,"flow_src_last_pkt_time":1120470866711535,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470866711535,"pkt":"ADBUADRWAODtAW69CABFAABIa8gAAIARS4jAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJYzRiZXJjaXR5AmRrAAAhAAE="} -01213{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470866711535,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470866711535,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.c4bercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470866711535,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470866711535,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.c4bercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":3,"flow_src_last_pkt_time":1120470868714284,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470868714284,"pkt":"ADB0ADRWAODtAW69CABFAABIa8kAAIARS4jAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470868714284,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470868714284,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470868714284,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470868714284,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":4,"flow_src_last_pkt_time":1120470870717164,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470870717164,"pkt":"ADBrADRWAODtAW69CABFAABIa8oAAIARW4fAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3hiZXJjaXR5AmRrAAAhAAE="} -01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470870717164,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470870717164,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cxbercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470870717164,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470870717164,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cxbercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":5,"flow_src_last_pkt_time":1120470874723383,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470874723383,"pkt":"ADBUADRWAODtAW69CABFAABIa8sAAIARS4bAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AlFrAAAhAAE="} -01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470874723383,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.qk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470874723383,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.qk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1120470658556995,"flow_src_last_pkt_time":1120470672075726,"flow_dst_last_pkt_time":1120470658556995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470685610738,"flow_src_last_pkt_time":1120470685610738,"flow_dst_last_pkt_time":1120470685610738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01008{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470684859655,"flow_src_last_pkt_time":1120470684859655,"flow_dst_last_pkt_time":1120470684859655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -1627,7 +1628,7 @@ 01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470717078746,"flow_src_last_pkt_time":1120470717078746,"flow_dst_last_pkt_time":1120470717080389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":548,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":548,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470721915224,"flow_src_last_pkt_time":1120470721915224,"flow_dst_last_pkt_time":1120470721915224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470819393226,"flow_src_last_pkt_time":1120470819393226,"flow_dst_last_pkt_time":1120470819393226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01120{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814186350,"flow_src_last_pkt_time":1120470814186350,"flow_dst_last_pkt_time":1120470814186350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01102{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814187906,"flow_src_last_pkt_time":1120470814187906,"flow_dst_last_pkt_time":1120470814187906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} @@ -1636,7 +1637,7 @@ 00415{"packet_event_id":1,"packet_event_name":"packet","packet_id":568,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":82,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_usec":1120470877496686,"pkt":"ADBUADRWAODtAW69CAhFAABEa88AAIARS4bCqAECwKgBAQr3ADUAMHGrsxwAAAABAAAAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470882726443,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470882726443,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvcAR1QnsxyAAAABAAEAAAAAASVzAAEwAzEyNwdpbi1hZGRyBGF2cGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470882726443,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":304,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} +01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470882726443,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":304,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882846553,"flow_src_last_pkt_time":1120470882846553,"flow_dst_last_pkt_time":1120470882846553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470882846553,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_src_last_pkt_time":1120470882846553,"flow_dst_last_pkt_time":1120470882846553,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470882846553,"pkt":"ADBUADRWAODtAW69CABFAABIa9EAAIARS4DAqAECwKgBAQr4lzUAND6uRB4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470883845876,"flow_src_last_pkt_time":1120470883845876,"flow_dst_last_pkt_time":1120470883845876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470883845876,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1652,7 +1653,7 @@ 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1120470775049884,"flow_src_last_pkt_time":1120470778053706,"flow_dst_last_pkt_time":1120470779408031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470782692043,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470788806482,"flow_src_last_pkt_time":1120470788806482,"flow_dst_last_pkt_time":1120470788806482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01213{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01221{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470832512194,"flow_src_last_pkt_time":1120470840523569,"flow_dst_last_pkt_time":1120470832512194,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470887851669,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43392,"global_ts_usec":1120470887851669} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":43392,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470885848866,"pkt":"ADBUADRWAODtAW69qYBFAABI\/dQAAIARS33AqAECwKgBAXP4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaWJ5AmRrAAAhAAE="} @@ -1684,7 +1685,7 @@ 00967{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470721915224,"flow_src_last_pkt_time":1120470721915224,"flow_dst_last_pkt_time":1120470721915224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}} 00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470721915224,"flow_src_last_pkt_time":1120470721915224,"flow_dst_last_pkt_time":1120470721915224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120470900056743,"flow_dst_last_pkt_time":1120470900060556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":302,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":593,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":3655,"flow_dst_tot_l4_payload_len":2523,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470798172728,"flow_src_last_pkt_time":1120470806184239,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470848525656,"flow_src_last_pkt_time":1120470848525656,"flow_dst_last_pkt_time":1120470848527232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1702,7 +1703,7 @@ 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_src_last_pkt_time":1120470924263958,"flow_dst_last_pkt_time":1120470924263958,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470924263958,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+EAAIARSmzAqAECwKgB\/wCJA4kAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVIQ0FDQUNBQ0FDQUJNAAAgAAE="} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470399719608,"flow_src_last_pkt_time":1120470399719608,"flow_dst_last_pkt_time":1120470399719608,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","l4_proto":0,"flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470819393226,"flow_src_last_pkt_time":1120470819393226,"flow_dst_last_pkt_time":1120470819393226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01120{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814186350,"flow_src_last_pkt_time":1120470814186350,"flow_dst_last_pkt_time":1120470814186350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01102{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814187906,"flow_src_last_pkt_time":1120470814187906,"flow_dst_last_pkt_time":1120470814187906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} @@ -1719,7 +1720,7 @@ 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470954427379,"packet_id":598,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470954427379} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":598,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470952424495,"pkt":"ADBUADRWAODtAW69CABFAABIa+YAEIARS6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":4,"flow_src_last_pkt_time":1120470958433169,"flow_dst_last_pkt_time":1120470949427890,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470958433169,"pkt":"ADBUADRWAODtAW69CABFAABIa+cAAIARS2rAqAECwKgBAQr8ADUANNjGUQIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470834515187,"flow_src_last_pkt_time":1120470834515187,"flow_dst_last_pkt_time":1120470834515187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470781608802,"flow_src_last_pkt_time":1120470781608802,"flow_dst_last_pkt_time":1120470781608802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1734,13 +1735,13 @@ 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1120470775049884,"flow_src_last_pkt_time":1120470778053706,"flow_dst_last_pkt_time":1120470779408031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470782692043,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470788806482,"flow_src_last_pkt_time":1120470788806482,"flow_dst_last_pkt_time":1120470788806482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470798172728,"flow_src_last_pkt_time":1120470806184239,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01213{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01221{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470832512194,"flow_src_last_pkt_time":1120470840523569,"flow_dst_last_pkt_time":1120470832512194,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470848525656,"flow_src_last_pkt_time":1120470848525656,"flow_dst_last_pkt_time":1120470848527232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01329{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470883845876,"flow_src_last_pkt_time":1120470885848866,"flow_dst_last_pkt_time":1120470883845876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470891857378,"flow_src_last_pkt_time":1120470891857378,"flow_dst_last_pkt_time":1120470891857378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470899859727,"flow_src_last_pkt_time":1120470899859727,"flow_dst_last_pkt_time":1120470899861231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} @@ -1750,7 +1751,7 @@ 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470899865018,"flow_src_last_pkt_time":1120470899865018,"flow_dst_last_pkt_time":1120470899865018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.170.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470966440815,"flow_src_last_pkt_time":1120470966440815,"flow_dst_last_pkt_time":1120470966440815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470966440815,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_src_last_pkt_time":1120470966440815,"flow_dst_last_pkt_time":1120470966440815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470966440815,"pkt":"ADBUADRWAODtAW69CABFAABEa+gAAIARS23AqAECwKgBAQr9ADUAMIS+oAMAAAABAAAAAAAAATEBMAEwEzEyNwdpbi1hZGByBGFycGEAAAwAAQ=="} -01425{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470966440815,"flow_src_last_pkt_time":1120470966440815,"flow_dst_last_pkt_time":1120470966440815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470966440815,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127?in-ad_r?arpa???","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470966440815,"flow_src_last_pkt_time":1120470966440815,"flow_dst_last_pkt_time":1120470966440815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470966440815,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127?in-ad_r?arpa???","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470966442326,"packet_id":601,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470966442326} 00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":601,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470966440815,"pkt":"AJrtBW69ADBUADRWCABFAJFbeQBAAEARtz7AqAEBwKgBAgA1Cv0AR2c6oAOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGTyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00328{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470966443914,"packet_id":602,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":822,"global_ts_usec":1120470966443914} @@ -1796,12 +1797,12 @@ 00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":616,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470983860327,"pkt":"AODtam69ADBUADRWCABFAABLAABcAEARtz7AqAEBhagBAgA1Cv8AR342iQWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470983999111,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470983999111,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_src_last_pkt_time":1120470983999111,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470983999111,"pkt":"ADBUADRWAODtAW69CABFAABIa\/kAAIARS1jAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABOxzaXAEX3VkcANzaHAJY3liZXJjaXR5AmRrAAAhAAE="} -01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470983999111,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470983999111,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"?sip._udp.shp.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470983999111,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470983999111,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"?sip._udp.shp.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470984353086,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470984353086,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00960{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":366,"pkt_l4_len":332,"thread_ts_usec":1120470984353086,"pkt":"ADBUADRWAODt4G69CABFAAFga\/oAAIARFdPAqAEC1PIhyRPEE8QBRC7GQUNLIHNpcDozNTEwNDcwNEBzaXAuY3liZXJjaXR5LmRrIFNJUC8yLjANCkZyb206ICJhcmlrIiA8c2lwOjM1MTA0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470984353086,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470984353086,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_src_last_pkt_time":1120470985234614,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470985234614,"pkt":"ADBUADTZAODtAW69CABFAABIa\/sAAIARS1bAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkUQNzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470985234614,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985234614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udq.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470985234614,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985234614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udq.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985348411,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985348411,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAED1PIhJHUwncgAHRjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1U\/V1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4eDAMABwYAAwMGBwEEBgYbHxwRaWBiFBEQFGoTFWBpYX10UltZ10dcVlJVREtCdatzeFp8bmgUag=="} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985418358,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -1820,16 +1821,16 @@ 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470986363611,"packet_id":633,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":20992,"global_ts_usec":1120470986363611} 00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":633,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":146,"pkt_type":20992,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"thread_ts_usec":1120470985511036,"pkt":"ADBUADRWAODtAW69UgBFAACEbAVoAIARFqPAqAEC9PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAE="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_src_last_pkt_time":1120470987237142,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470987237142,"pkt":"ADBUADRWAODtAW69CABFAABIbAYAAIARS0vAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVR5AmRrAAAhAAE="} -01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470987237142,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470987237142,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470987237142,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470987237142,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470989238019,"packet_id":635,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470989238019} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":635,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470987237142,"pkt":"ADBUADRWAODtAW69CABFAABIbAdtAIARS07AqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVN5AmRrAAAhAAE="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":4,"flow_src_last_pkt_time":1120470993243427,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470993243427,"pkt":"ADBUADRWAODtAW69CABFAABIbAgAAIARS0nAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470993243427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470993243427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470798172728,"flow_src_last_pkt_time":1120470806184239,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470993243427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831403943,"flow_src_last_pkt_time":1120470831403943,"flow_dst_last_pkt_time":1120470831403943,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":474,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":474,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470993243427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","l4_proto":0,"flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001245112,"flow_src_last_pkt_time":1120471001245112,"flow_dst_last_pkt_time":1120471001245112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001245112,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_src_last_pkt_time":1120471001245112,"flow_dst_last_pkt_time":1120471001245112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120471001245112,"pkt":"ADBUADRWAODtAW69CABFAABEbDoAAIARSxvAqAECwKgBAQsGADUAMBixDAgAAAABEAAAAAAAATEBMAEwAzHvNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001245112,"flow_src_last_pkt_time":1120471001245112,"flow_dst_last_pkt_time":1120471001245112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001245112,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.1?7.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001245112,"flow_src_last_pkt_time":1120471001245112,"flow_dst_last_pkt_time":1120471001245112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001245112,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.1?7.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001263229,"flow_src_last_pkt_time":1120471001263229,"flow_dst_last_pkt_time":1120471001263229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001263229,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_src_last_pkt_time":1120471001263229,"flow_dst_last_pkt_time":1120471001263229,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_usec":1120471001263229,"pkt":"ADBUADRWAODtAW69CABFAAHsbDsAAIARFQbAqAEC1OohIxPEE8QB2K3LUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04Nzk3MWENClRvOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiAyOTg1ODFHNy00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMnMKQ29udGFjdDogcGVsIDxzaXA6MzUxMDQ3MjNAMTkyLjE2OC4xLjI6NTA2MDtsaW5lPTdkMzY1NThmMzEzNjcwNTE+O2V4cGlyZXM9MTIwMDtxBDAuNTAwDQpFeHBpcmVzOiAxMjAwDQpDU2VxOiA1IFJFR0lTVEVSDQpD\/G50ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhYmRzOiA3MA0KVXNlci1BZ2VudDoiTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuOC41MS4xNg0KDQo="} 01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001263229,"flow_src_last_pkt_time":1120471001263229,"flow_dst_last_pkt_time":1120471001263229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001263229,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} @@ -1842,9 +1843,9 @@ 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471004709848,"packet_id":643,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120471004709848} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":643,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120471002706801,"pkt":"ALlUADRWAODtAW69CABFAABIbD4Au4ARSxNYqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":3,"flow_src_last_pkt_time":1120471006712546,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471006712546,"pkt":"ADBUADRWAODtAW69CABFAABIbEcAAIARSwrAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAApAAE="} -01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471006712546,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471006712546,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":41,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471006712546,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471006712546,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":41,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":4,"flow_src_last_pkt_time":1120471010718658,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471010718658,"pkt":"ADBUADRWAODtAW6kCABFAABIbEgAAIARSwnAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471010718658,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471010718658,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470399719608,"flow_src_last_pkt_time":1120470399719608,"flow_dst_last_pkt_time":1120470399719608,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","l4_proto":0,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470399719608,"flow_src_last_pkt_time":1120470399719608,"flow_dst_last_pkt_time":1120470399719608,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","l4_proto":0,"flow_datalink":1,"flow_max_packets":5} 00997{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470819393226,"flow_src_last_pkt_time":1120470819393226,"flow_dst_last_pkt_time":1120470819393226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -1858,11 +1859,11 @@ 00793{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882846553,"flow_src_last_pkt_time":1120470882846553,"flow_dst_last_pkt_time":1120470882846553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831516024,"flow_src_last_pkt_time":1120470831516024,"flow_dst_last_pkt_time":1120470831516024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470908872202,"flow_src_last_pkt_time":1120470908872202,"flow_dst_last_pkt_time":1120470908872202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"128.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01213{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01221{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470832512194,"flow_src_last_pkt_time":1120470840523569,"flow_dst_last_pkt_time":1120470832512194,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470848525656,"flow_src_last_pkt_time":1120470848525656,"flow_dst_last_pkt_time":1120470848527232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01329{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470883845876,"flow_src_last_pkt_time":1120470885848866,"flow_dst_last_pkt_time":1120470883845876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470891857378,"flow_src_last_pkt_time":1120470891857378,"flow_dst_last_pkt_time":1120470891857378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470899859727,"flow_src_last_pkt_time":1120470899859727,"flow_dst_last_pkt_time":1120470899861231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} @@ -1884,11 +1885,11 @@ 01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":654,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120471019307986,"flow_src_last_pkt_time":1120471020302115,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471020302115,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":3,"flow_src_last_pkt_time":1120471022305496,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471022305496,"pkt":"ADBUADRWAODtAW69CABFAABIbFAAAIARSwHAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":4,"flow_src_last_pkt_time":1120471024307917,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471024307917,"pkt":"ADBUADRWAODtAW69CABFAABIbFEAAIARSwDAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01435{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120471019307986,"flow_src_last_pkt_time":1120471024307917,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471024307917,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01443{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120471019307986,"flow_src_last_pkt_time":1120471024307917,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471024307917,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":5,"flow_src_last_pkt_time":1120471028313614,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471028313614,"pkt":"ADBUADRWAODtARe9CABFAABIbFIAAIARSv\/AqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470834515187,"flow_src_last_pkt_time":1120470834515187,"flow_dst_last_pkt_time":1120470834515187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831516024,"flow_src_last_pkt_time":1120470831516024,"flow_dst_last_pkt_time":1120470831516024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01211{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01219{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470832512194,"flow_src_last_pkt_time":1120470840523569,"flow_dst_last_pkt_time":1120470832512194,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865650089,"flow_src_last_pkt_time":1120470865650089,"flow_dst_last_pkt_time":1120470865650089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865651601,"flow_src_last_pkt_time":1120470865651601,"flow_dst_last_pkt_time":1120470865651601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} @@ -1904,9 +1905,9 @@ 01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471033895104,"flow_src_last_pkt_time":1120471033895104,"flow_dst_last_pkt_time":1120471033895104,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471033895104,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"d00"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036315554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036315554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036315554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120471036315554,"pkt":"ADBUADRWAODtAW69CABFAABEbFQAAIARSwHAqAECwKgBAQsKADUAMJWmjw4AAAABAAAAAAAAATEBEgEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036315554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036315554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.?.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036315554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036315554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.?.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120471036317049,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CwoAR3gijw6AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAgAwAAcAMAAwAAQAAJRAACwlsb2NhbGhvc3QA"} -01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471036317049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} +01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471036317049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470848525656,"flow_src_last_pkt_time":1120470848525656,"flow_dst_last_pkt_time":1120470848527232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470984353086,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} @@ -1922,12 +1923,12 @@ 01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471048339111,"flow_src_last_pkt_time":1120471048339111,"flow_dst_last_pkt_time":1120471048339111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471048339111,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471049334155,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471049334155,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471049334155,"pkt":"ADBUADRWAODtAW69CABFAABIbFcAAIARSvrAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaU15Alb4AAAhAAE="} -01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471049334155,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471049334155,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercimy.v?","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471049334155,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471049334155,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercimy.v?","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471051336804,"packet_id":667,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18432,"global_ts_usec":1120471051336804} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":667,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":18432,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120471049334155,"pkt":"ADBUADRWAODtAW69SABFAABIbFgAAIARQvnAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471053339683,"flow_src_last_pkt_time":1120471053339683,"flow_dst_last_pkt_time":1120471053339683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471053339683,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_src_last_pkt_time":1120471053339683,"flow_dst_last_pkt_time":1120471053339683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471053339683,"pkt":"ADBUADRWAODtAW69CABFAABIbFkAAIARSvjAqAECwKoBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj8XR5AmRrAAAhAAE="} -01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471053339683,"flow_src_last_pkt_time":1120471053339683,"flow_dst_last_pkt_time":1120471053339683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471053339683,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberc?ty.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471053339683,"flow_src_last_pkt_time":1120471053339683,"flow_dst_last_pkt_time":1120471053339683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471053339683,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberc?ty.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00307{"error_event_id":2,"error_event_name":"Unknown L3 protocol","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471057345430,"packet_id":669,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120471057345430} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120471053339683,"pkt":"ADBcADRHAODtAW69CABgAABIbFoAAIARSvfAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liRXdjaXR5AmRrAAAhgAE="} 00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470442140675,"flow_src_last_pkt_time":1120470442140675,"flow_dst_last_pkt_time":1120470442140675,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471053339683,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -1955,7 +1956,7 @@ 01003{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882846553,"flow_src_last_pkt_time":1120470882846553,"flow_dst_last_pkt_time":1120470882846553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882846553,"flow_src_last_pkt_time":1120470882846553,"flow_dst_last_pkt_time":1120470882846553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470874723383,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01327{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470883845876,"flow_src_last_pkt_time":1120470885848866,"flow_dst_last_pkt_time":1120470883845876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":69,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120471067960587,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3442,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01114{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120471018881832,"flow_dst_last_pkt_time":1120471065350255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":302,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":669,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":6145,"flow_dst_tot_l4_payload_len":4275,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} @@ -2002,7 +2003,7 @@ 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470966852771,"flow_src_last_pkt_time":1120470975858171,"flow_dst_last_pkt_time":1120470966852771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01301{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983860327,"flow_src_last_pkt_time":1120470983860327,"flow_dst_last_pkt_time":1120470983860327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470993243427,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470971822331,"flow_src_last_pkt_time":1120470971822331,"flow_dst_last_pkt_time":1120470971822331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470924263958,"flow_src_last_pkt_time":1120470924263958,"flow_dst_last_pkt_time":1120470924263958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -2064,7 +2065,7 @@ 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471010718658,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471018720186,"flow_src_last_pkt_time":1120471018720186,"flow_dst_last_pkt_time":1120471018721702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120471019307986,"flow_src_last_pkt_time":1120471028313614,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471049334155,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471048339111,"flow_src_last_pkt_time":1120471048339111,"flow_dst_last_pkt_time":1120471048339111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471065347471,"flow_src_last_pkt_time":1120471065347471,"flow_dst_last_pkt_time":1120471065347471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2828,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -2096,8 +2097,7 @@ 00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635043451,"flow_src_last_pkt_time":1120469635043451,"flow_dst_last_pkt_time":1120469635043451,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01228{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635052210,"flow_src_last_pkt_time":1120469635052210,"flow_dst_last_pkt_time":1120469635052210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"","password":"","auth_failed":0}}} 00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635052210,"flow_src_last_pkt_time":1120469635052210,"flow_dst_last_pkt_time":1120469635052210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01227{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635048287,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"","password":"","auth_failed":0}}} -00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635048287,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635048287,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 01008{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01003{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635044160,"flow_src_last_pkt_time":1120469635044160,"flow_dst_last_pkt_time":1120469635044160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":120,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -2114,18 +2114,18 @@ 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01227{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635010547,"flow_src_last_pkt_time":1120469635010547,"flow_dst_last_pkt_time":1120469635010547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"","password":"","auth_failed":0}}} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635010547,"flow_src_last_pkt_time":1120469635010547,"flow_dst_last_pkt_time":1120469635010547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00665{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":691,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":39,"total-guessed-flows":28,"total-detected-flows":190,"total-detection-updates":88,"total-updates":666,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2117,"global_ts_usec":1120471107427770} +00665{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":691,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":39,"total-guessed-flows":27,"total-detected-flows":191,"total-detection-updates":88,"total-updates":666,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2117,"global_ts_usec":1120471107427770} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 691/569 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 60810 bytes -~~ total detected protocols..: 190 +~~ total detected protocols..: 191 ~~ total active/idle flows...: 257/257 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8364262 bytes -~~ total memory freed........: 8364262 bytes -~~ total allocations/frees...: 149793/149793 +~~ total memory allocated....: 12068785 bytes +~~ total memory freed........: 12068785 bytes +~~ total allocations/frees...: 220047/220047 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 311 chars ~~ json string max len.......: 2450 chars |