aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/kerberos.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/default/kerberos.pcap.out')
-rw-r--r--test/results/default/kerberos.pcap.out18
1 files changed, 13 insertions, 5 deletions
diff --git a/test/results/default/kerberos.pcap.out b/test/results/default/kerberos.pcap.out
index e4ff967fc..9d4ce1ac1 100644
--- a/test/results/default/kerberos.pcap.out
+++ b/test/results/default/kerberos.pcap.out
@@ -4,10 +4,12 @@
00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1549337929790448,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929790448,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790962,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_usec":1549337929790962,"pkt":"AAgCHEeupB9ywglqCABFAAE+ExRAAIAGfbSsEAgIrBAIyQBYwAVvOdOesp21NlAYAQCkkQAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDBjUgpgMCARmpEBsOaGFwcHljcmFmdC5vcmeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
+01020{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790962,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":278,"midstream":1,"thread_ts_usec":1549337929790962,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929811952,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929811952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929811952,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929811952,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_usec":1549337929811952,"pkt":"pB9ywglqAAgCHEeuCABFAAFnABtAAIAGkISsEAjJrBAICMAGAFganBtaQ2U1slAYAQDaGgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4YERcga5zFfjuo7+oqo0hJ6Udj7efOwOKKYJj6PKpxuETgzDcdt27IvGW9sEQ18QPUV\/drVuLVBwwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOaGFwcHljcmFmdC5vcmejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETsAWF6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929811952,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929811952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929811952,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929812641,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1549337929812641,"pkt":"AAgCHEeupB9ywglqCABFAACYExlAAIAGflWsEAgIrBAIyQBYwAZDZTtmGpwcmVAYAQDnsgAAX5hri3Z\/opje40K53kwDKo2\/CTegm0pJkWpLVNFlnn\/MakUFXqKHv4CDtH2CbQqvJq\/ecJgxH2EwrzVmUcQk2zqXXjIwbkyszZ9\/Xc6IEgQ4qiI64lPzINS7ueVTbdUXk\/8v52QxoGdMilBjjWTAcQ=="}
+01020{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929811952,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929812641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337929812641,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929815091,"flow_src_last_pkt_time":1549337929815091,"flow_dst_last_pkt_time":1549337929815091,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929815091,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929815091,"flow_dst_last_pkt_time":1549337929815091,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_usec":1549337929815091,"pkt":"pB9ywglqAAgCHEeuCABFAACxACFAAIAGkTSsEAjJrBAICMAHAFgBsoC8gS4auFAYAQDUqQAAiNeE+tCJIo9Cz1KFHGicigIlxkFIEVkb70vifDKvvi6NwB24GlkehWdocuUvESpeAqtSofWtuKDm2yskVOheE+r4DxaQxRLncJy9zYBP+p7ofQvBukmarkg+oY3ctA8jgj5BSy2yi42NlxJjhcjuX3ByLG+GD20zq41Le0TbPh0TFS5qkRb0Q24="}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1549337929815091,"flow_dst_last_pkt_time":1549337929815994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1549337929815994,"pkt":"AAgCHEeupB9ywglqCABFAACbEx9AAIAGfkysEAgIrBAIyQBYwAeBLiBsAbKBRVAYAQBP\/wAA1H56bb56rLTzhI\/so6pGl6jILu03bHY2ZWl4A41JY07Kavo1sQRKhlNPx3vE\/LdSF6BX6NLW1Fm3Tdmvr7ZEbPWOq8FZs9c0RBY7wJbwPUW44FlC0vhqJn1yGB3K1Fxl0gPqAAMzMrhupJQMQzjV4fgdag=="}
@@ -29,10 +31,12 @@
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1549337930192989,"flow_dst_last_pkt_time":1549337930192989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1549337930192989,"pkt":"pB9ywglqAAgCHEeuCABFAAEXAE9AAIAGkKCsEAjJrBAICMAOAFh1zEKiBQpS4FAYAQB22wAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE6HHTSoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
01134{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337930192989,"flow_src_last_pkt_time":1549337930192989,"flow_dst_last_pkt_time":1549337930192989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337930192989,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1549337930192989,"flow_dst_last_pkt_time":1549337930193305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_usec":1549337930193305,"pkt":"AAgCHEeupB9ywglqCABFAAE+E0ZAAIAGfYKsEAgIrBAIyQBYwA4FClLgdcxDkVAYAQCvKAAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDDGWApgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
+01021{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337930192989,"flow_src_last_pkt_time":1549337930192989,"flow_dst_last_pkt_time":1549337930193305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":278,"midstream":1,"thread_ts_usec":1549337930193305,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337930214154,"flow_src_last_pkt_time":1549337930214154,"flow_dst_last_pkt_time":1549337930214154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337930214154,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1549337930214154,"flow_dst_last_pkt_time":1549337930214154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_usec":1549337930214154,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAFNAAIAGkEysEAjJrBAICMAPAFhOqMfQDl0Bb1AYAQBFdgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4T+8E3pUi7h1ZsZOoIXjjwvAQAgQGpJXHn0jgIAIbXQei+GxBZQViNO7UVdhzj5KUys1PXrvG2C8wEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETocdNKgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
01134{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337930214154,"flow_src_last_pkt_time":1549337930214154,"flow_dst_last_pkt_time":1549337930214154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337930214154,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1549337930214154,"flow_dst_last_pkt_time":1549337930214775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1549337930214775,"pkt":"AAgCHEeupB9ywglqCABFAACYE0tAAIAGfiOsEAgIrBAIyQBYwA8OXQcjTqjJD1AYAQBZNwAAQBgDyB6VZPxID+fu9kcivDlP7463Dy1IfrYrHVzuJLB3P27gpkccW43Mtu3NrktwKAyme0Z0QNo0JvH3ppwCLvPborHS7i5Jp9I5pxLf5LZX6AlmVea2udQa4ufUWkijqzhrShLiqrevOUKPGzj2OQ=="}
+01021{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337930214154,"flow_src_last_pkt_time":1549337930214154,"flow_dst_last_pkt_time":1549337930214775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337930214775,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337930217118,"flow_src_last_pkt_time":1549337930217118,"flow_dst_last_pkt_time":1549337930217118,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337930217118,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1549337930217118,"flow_dst_last_pkt_time":1549337930217118,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_usec":1549337930217118,"pkt":"pB9ywglqAAgCHEeuCABFAADBAFlAAIAGkOysEAjJrBAICMAQAFhuA\/SQrSTVxVAYAQACWAAAqoGWMIGToAMCARKigYsEgYhFQhzXcnmj64Ly0uBtjkMUoTuM+x\/rpAOTUWDkUHAspBDcB8geScaOnqOyTgnIEt9ORSbyaLGh7aDpqWoX8LkoU9AsGNn4U6LRjikWi59PfjQn46P9BY0tn6JOEZn\/IKW+bzyhJYK72MU5dfE\/Y9v1QP4pOcMGsyTXEkOUPDq6y5KpwHUNPs1e"}
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1549337930217118,"flow_dst_last_pkt_time":1549337930217937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_usec":1549337930217937,"pkt":"AAgCHEeupB9ywglqCABFAACmE1FAAIAGfg+sEAgIrBAIyQBYwBCtJNt5bgP1KVAYAQC1BwAApQG9zo7oa2HyeKU61c2m29Ax+Ioczo4ZbPhC81jR0pDanr7lBKhJeMuGW\/uva7FyAslnHaJSlZ\/JCHVy9T8T0Ut1tj8cqy\/o\/YC+6XwQJV1\/l63dulAmK8KMVnuSbTDSVBQ5iahKxwLlZ8cbK3LMBirQeX8FcESDlzlIPsVQ"}
@@ -78,10 +82,12 @@
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1549337937703350,"flow_dst_last_pkt_time":1549337937703350,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1549337937703350,"pkt":"pB9ywglqAAgCHEeuCABFAAEXANlAAIAGkBasEAjJrBAICMAdAFjHhcaiuhdcXlAYAQCv5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBFIcW1KoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337937703350,"flow_src_last_pkt_time":1549337937703350,"flow_dst_last_pkt_time":1549337937703350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337937703350,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1549337937703350,"flow_dst_last_pkt_time":1549337937703857,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_usec":1549337937703857,"pkt":"AAgCHEeupB9ywglqCABFAAE+E6VAAIAGfSOsEAgIrBAIyQBYwB26F1xex4XHkVAYAQDp0AAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg1NlqlBQIDBJWNpgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
+01022{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937703350,"flow_src_last_pkt_time":1549337937703350,"flow_dst_last_pkt_time":1549337937703857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":278,"midstream":1,"thread_ts_usec":1549337937703857,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337937724378,"flow_src_last_pkt_time":1549337937724378,"flow_dst_last_pkt_time":1549337937724378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337937724378,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00963{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1549337937724378,"flow_dst_last_pkt_time":1549337937724378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_usec":1549337937724378,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAN1AAIAGj8KsEAjJrBAICMAeAFgo\/29go\/Vk0VAYAQAVQgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4EwWkoanvLUiVA5eu8uG72\/EPy4+eHAiK9HbftleuqZ7DwBR\/wY3Sc5USTXPr6SJXdlLH8zfIE5MwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLSk9ITlNPTi1QQySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEUhxbUqgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337937724378,"flow_src_last_pkt_time":1549337937724378,"flow_dst_last_pkt_time":1549337937724378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337937724378,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1549337937724378,"flow_dst_last_pkt_time":1549337937724993,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1549337937724993,"pkt":"AAgCHEeupB9ywglqCABFAACYE6pAAIAGfcSsEAgIrBAIyQBYwB6j9WqFKP9wn1AYAQCbeQAAeBxjGZR555TmhlGtfWdB3hqYo6lYswe6vKpNUcrN1M7KGcxMIdPLYhZ04dECjGI6ypolTWuvt884Bi2lq0pIFbZFVKD3x\/BnUesSWAB9L0qg+5NPzwAEggckaZSGKHdd5sXD0ux4MNvoyw986qY1Nw=="}
+01022{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937724378,"flow_src_last_pkt_time":1549337937724378,"flow_dst_last_pkt_time":1549337937724993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337937724993,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337937725890,"flow_src_last_pkt_time":1549337937725890,"flow_dst_last_pkt_time":1549337937725890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337937725890,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1549337937725890,"flow_dst_last_pkt_time":1549337937725890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1549337937725890,"pkt":"pB9ywglqAAgCHEeuCABFAAB4AONAAIAGkKusEAjJrBAICMAfAFi1TK\/3YmHJT1AYAQDj2wAAbj2wbk+derrxO0c0pxRSdruhR6\/j4Ui\/xNsBa8OfbfRkbAwdywbQynHUORFcFH8maukxsoLa+OhvD2a5+zDPKPlneJ\/sg2b\/GuIvr5ZD3Bg="}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1549337937725890,"flow_dst_last_pkt_time":1549337937726633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1549337937726633,"pkt":"AAgCHEeupB9ywglqCABFAABQE7BAAIAGfgasEAgIrBAIyQBYwB9iYc8DtUywR1AYAQDGTwAA4zLECSz5GZPNqNSL4T5BMx8WrZoQ8TiJymulR2VkZN3O1rD+5YXABg=="}
@@ -96,10 +102,12 @@
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1549337951630943,"flow_dst_last_pkt_time":1549337951630943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_usec":1549337951630943,"pkt":"pB9ywglqAAgCHEeuCABFAAETAQ1AAIAGj+asEAjJrBAICMAjAFj9jJo6lSyMo1AYAQB4vAAAAAAA52qB5DCB4aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBvTCBuqAHAwUAQIEAEKEcMBqgAwIBAaETMBEbD3RoZXJlc2Euam9obnNvbqIMGwpIQVBQWUNSQUZUox8wHaADAgECoRYwFBsGa3JidGd0GwpIQVBQWUNSQUZUpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEXdv8Z6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
01136{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337951630943,"flow_src_last_pkt_time":1549337951630943,"flow_dst_last_pkt_time":1549337951630943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337951630943,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}}
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1549337951630943,"flow_dst_last_pkt_time":1549337951631242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1549337951631242,"pkt":"AAgCHEeupB9ywglqCABFAAEYE9dAAIAGfResEAgIrBAIyQBYwCOVLIyj\/YybJVAYAQAREAAAAAAA7H6B6TCB5qADAgEFoQMCAR6kERgPMjAxOTAyMDUwMzM5MTBapQUCAwNKZqYDAgEZqQwbCkhBUFBZQ1JBRlSqHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSsgYsEgYgwgYUwYqEDAgETolsEWTBXMCagAwIBEqEfGx1IQVBQWUNSQUZULk9SR3RoZXJlc2Euam9obnNvbjAFoAMCARcwJqADAgEDoR8bHUhBUFBZQ1JBRlQuT1JHdGhlcmVzYS5qb2huc29uMAmhAwIBAqICBAAwCaEDAgEQogIEADAJoQMCAQ+iAgQA"}
+01023{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951630943,"flow_src_last_pkt_time":1549337951630943,"flow_dst_last_pkt_time":1549337951631242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":240,"midstream":1,"thread_ts_usec":1549337951631242,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337951638319,"flow_src_last_pkt_time":1549337951638319,"flow_dst_last_pkt_time":1549337951638319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":315,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337951638319,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00955{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1549337951638319,"flow_dst_last_pkt_time":1549337951638319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_usec":1549337951638319,"pkt":"pB9ywglqAAgCHEeuCABFAAFjARFAAIAGj5KsEAjJrBAICMAkAFi0GLZOsNNMHlAYAQAvMAAAAAABN2qCATMwggEvoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4Wndh9xw8qUUtso0vc8TuP9R5peLYlUKrIi93QkMXsrfVII\/B8UhLSOwTSHwq5LSHP2vURJP\/YpgwEaEEAgIAgKIJBAcwBaADAQH\/pIG9MIG6oAcDBQBAgQAQoRwwGqADAgEBoRMwERsPdGhlcmVzYS5qb2huc29uogwbCkhBUFBZQ1JBRlSjHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSlERgPMjAzNzA5MTMwMjQ4MDVaphEYDzIwMzcwOTEzMDI0ODA1WqcGAgRd2\/xnqBUwEwIBEgIBEQIBFwIBGAIC\/3kCAQOpHTAbMBmgAwIBFKESBBBKT0hOU09OLVBDICAgICAg"}
01136{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337951638319,"flow_src_last_pkt_time":1549337951638319,"flow_dst_last_pkt_time":1549337951638319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":315,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337951638319,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}}
00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1549337951638319,"flow_dst_last_pkt_time":1549337951638954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1549337951638954,"pkt":"AAgCHEeupB9ywglqCABFAADKE9xAAIAGfWCsEAgIrBAIyQBYwCSw01HStBi3iVAYAQA+gAAAtgxIRqdE2xpJueUsyACfoBkRIO2d0vdWoZTH7\/Uq\/IekfUoxUBvBS550+iWChkmhJucRdY1OlQL1WMQC8uhxGdFWaESvp\/JzESFsbwdEK2JaAYNNrn2MyR4+4w4oYIB6xP3aoFYA9y5s01X0oEa\/3ePvjWb66V7pwZZYO9bc89yozmxDtVb4zCT8SyPCYGj7ljiOz9w+sICchbsKK+VkdLL4"}
+01023{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951638319,"flow_src_last_pkt_time":1549337951638319,"flow_dst_last_pkt_time":1549337951638954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":315,"flow_dst_tot_l4_payload_len":162,"midstream":1,"thread_ts_usec":1549337951638954,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337951639128,"flow_src_last_pkt_time":1549337951639128,"flow_dst_last_pkt_time":1549337951639128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337951639128,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1549337951639128,"flow_dst_last_pkt_time":1549337951639128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1549337951639128,"pkt":"pB9ywglqAAgCHEeuCABFAABRARdAAIAGkJ6sEAjJrBAICMAlAFiRlp2kV2CH+1AYAQDPTQAAMzcwOTEzMDI0ODA1WqcGAgRd2\/xvqBIwEAIBEgIBEQIBFwIBGAIC\/3k="}
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1549337951639128,"flow_dst_last_pkt_time":1549337951639626,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"thread_ts_usec":1549337951639626,"pkt":"AAgCHEeupB9ywglqCABFAABqE+JAAIAGfbqsEAgIrBAIyQBYwCVXYI2vkZadzVAYAQBXRgAAQS6YdBRcDlPtUTrjUB8narHoPerU+E0Jfux+IwijhqkO1zkqtUVGrf6H2Py3dE6xzPm7+U9W58\/67z4LH\/YlBX9v"}
@@ -131,14 +139,14 @@
00873{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1549337940432879,"flow_src_last_pkt_time":1549337940433720,"flow_dst_last_pkt_time":1549337940433470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":579,"flow_dst_tot_l4_payload_len":284,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1549337940432879,"flow_src_last_pkt_time":1549337940433720,"flow_dst_last_pkt_time":1549337940433470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":579,"flow_dst_tot_l4_payload_len":284,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790962,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":278,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929811952,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929812641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929811952,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929812641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00998{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929815091,"flow_src_last_pkt_time":1549337929815091,"flow_dst_last_pkt_time":1549337929815994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929815091,"flow_src_last_pkt_time":1549337929815091,"flow_dst_last_pkt_time":1549337929815994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929816676,"flow_src_last_pkt_time":1549337929816676,"flow_dst_last_pkt_time":1549337929816935,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1444,"flow_src_tot_l4_payload_len":1431,"flow_dst_tot_l4_payload_len":1444,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00998{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929981761,"flow_src_last_pkt_time":1549337929981761,"flow_dst_last_pkt_time":1549337929983015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":126,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929981761,"flow_src_last_pkt_time":1549337929981761,"flow_dst_last_pkt_time":1549337929983015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":126,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337930192989,"flow_src_last_pkt_time":1549337930192989,"flow_dst_last_pkt_time":1549337930193305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":278,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337930214154,"flow_src_last_pkt_time":1549337930214154,"flow_dst_last_pkt_time":1549337930214775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337930214154,"flow_src_last_pkt_time":1549337930214154,"flow_dst_last_pkt_time":1549337930214775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337930217118,"flow_src_last_pkt_time":1549337930217118,"flow_dst_last_pkt_time":1549337930217937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":126,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337930217118,"flow_src_last_pkt_time":1549337930217118,"flow_dst_last_pkt_time":1549337930217937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":126,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00997{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931198672,"flow_src_last_pkt_time":1549337931198672,"flow_dst_last_pkt_time":1549337931199586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":68,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
@@ -150,13 +158,13 @@
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931218156,"flow_src_last_pkt_time":1549337931218156,"flow_dst_last_pkt_time":1549337931219086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931219686,"flow_src_last_pkt_time":1549337931219686,"flow_dst_last_pkt_time":1549337931220282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1444,"flow_src_tot_l4_payload_len":1431,"flow_dst_tot_l4_payload_len":1444,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937703350,"flow_src_last_pkt_time":1549337937703350,"flow_dst_last_pkt_time":1549337937703857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":278,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937724378,"flow_src_last_pkt_time":1549337937724378,"flow_dst_last_pkt_time":1549337937724993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937724378,"flow_src_last_pkt_time":1549337937724378,"flow_dst_last_pkt_time":1549337937724993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00994{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937725890,"flow_src_last_pkt_time":1549337937725890,"flow_dst_last_pkt_time":1549337937726633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":40,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937725890,"flow_src_last_pkt_time":1549337937725890,"flow_dst_last_pkt_time":1549337937726633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":40,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337940431467,"flow_src_last_pkt_time":1549337940431467,"flow_dst_last_pkt_time":1549337940432366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337940431467,"flow_src_last_pkt_time":1549337940431467,"flow_dst_last_pkt_time":1549337940432366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951630943,"flow_src_last_pkt_time":1549337951630943,"flow_dst_last_pkt_time":1549337951631242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":240,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951638319,"flow_src_last_pkt_time":1549337951638319,"flow_dst_last_pkt_time":1549337951638954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":315,"flow_dst_tot_l4_payload_len":162,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951638319,"flow_src_last_pkt_time":1549337951638319,"flow_dst_last_pkt_time":1549337951638954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":315,"flow_dst_tot_l4_payload_len":162,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00994{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951639128,"flow_src_last_pkt_time":1549337951639128,"flow_dst_last_pkt_time":1549337951639626,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":66,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951639128,"flow_src_last_pkt_time":1549337951639128,"flow_dst_last_pkt_time":1549337951639626,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":66,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337951709754,"flow_src_last_pkt_time":1549337951709754,"flow_dst_last_pkt_time":1549337951710662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":217,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":190,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":190,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
@@ -187,7 +195,7 @@
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931220307,"flow_src_last_pkt_time":1549337931220307,"flow_dst_last_pkt_time":1549337931221192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":190,"global_ts_usec":1549337952283232}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":198,"global_ts_usec":1549337952283232}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 77/77
~~ skipped flows.............: 0
Powered by cgit, Themed by Ted Yin.