Diffstat (limited to 'test/results/default/line.pcap.out')
-rw-r--r-- | test/results/default/line.pcap.out | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/test/results/default/line.pcap.out b/test/results/default/line.pcap.out
index 36ea1d2b0..71d751011 100644
--- a/test/results/default/line.pcap.out
+++ b/test/results/default/line.pcap.out
@@ -7,7 +7,7 @@ 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":608955846,"flow_dst_last_pkt_time":609000395,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_usec":609000395,"pkt":"CAAn5uVZUlQAEjUCCABFAAEOubQAAEAROXh90fzSCgACD1CCxpMA+top2O4AZgYCV\/RJTq5P8eXNYO9XdF70Fj9KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKKQhFbNXLy77WpjeD18nZ+drtK6RQmY4q+mRBLlceZmqHnNWJzSHpFcECYQuk3zzIsa9vbf7wwZSp0W720UImgoQG8xIDcmf3IyEULMH7n4DlZ+HBC9mgpxyGeSyn1UsJEQrLNzYYTLDuupp9QLr1bdLdaGQSknnmOmIo\/wiXaxD2cz\/YCs9qpoCfGznUsRqeRhLebKDtXWvpj11VLZn3YuoHr7wrT85GTmFvtHY1TEEjXAc1P4="} 01495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":608955846,"flow_dst_last_pkt_time":609533458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_usec":609533458,"pkt":"CAAn5uVZUlQAEjUCCABFAAMAuboAAEARN4B90fzSCgACD1CCxpMC7Cmf2uAAZwYCV\/RJTq5P8eXNYO9XdF70Fj9KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKpZJyG\/GGz9dcm\/Mr8\/7LWMlqzk54MO7ELXqtqSqfd\/YBdqlDZSVUrL97nZoyannQ+4sHLstSS32UsGeYFShNlIkPzze5YiNYv50x\/mH\/A9pbgu69Q+WF2ip97UNP5700H4+qhxbmcY9HS8ZIxXwfhRpVqXecYovPU98m66ZIHMk3AxDUggZJzXM8Cg9Ioa5PEOWCC0RQ\/+ZM\/xmE25dREFZwuEuTY4v54VaBEf\/1fcmWRmuO56S4CdHmd3r6UrJgdv7HOPYh1FHZImH9K6Vp5v43+PDFYehvgjuZevIzB9KNNpgRaXiJIoH9HKjsrlk8bFBNxGh\/Z3wVkNzkk6aZPEyGQfpJxhMdxxwGT2MsqjyEwRxvenqN6ZiCnhNKvKa1MoubR4Q69dsKI5vcArBU28dcnpBI49S+Gue7Y63pIbagOo3yJzlth5QkSgGoh3WTgewJUJPSW2CESchMymRIYmXZ453SQiLQDUOijjH9BTXQLRM1Jktgb1Ku3YtQhwOuoynAJXV8IgsD1XNcPeHVXH4cjiPxry8hY2LXG+Dpn0+ElcIAmuYGLXgyIWmFgMDccUsS4PEmO+
H98\/37Xgd\/JFCN+BdEPL8h+w8JjEm76kq4pMrFkodu9TWUlq\/f5btNgcE3NZ5tj5unKE3tunn\/9XLrY2YdRaUSo3NFlLxzIy1Ls5OLl\/yp4rUeg\/491eKamydkxVOtbP5kUPMBZAToihwFzkbtaPi\/sHlzwamjGpc5urLdFERd4ubko4hgkGPbUQFvpEefL+PiNep0MCAfLSiIccfs7kEszIxBA1tUC\/E7ZoDjNG8bd9x9za\/H5o\/i6SrM4jgqtlvtdLcuIQKuEI0hJJAH84pOvAZwnqFLwqt9Aj1HWP7oTHWsPEdIMwTkD1+nw0mJ4o="} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":609557906,"flow_dst_last_pkt_time":609533458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":609557906,"pkt":"UlQAEjUCCAAn5uVZCABFAAA6alAAAIARSbAKAAIPfdH80saTUIIAJgbQgOUAAQAAOrIJvaZ41xf3vWhbythM\/0LTmd0td5YJ"} -02276{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":608455689,"flow_src_last_pkt_time":610177798,"flow_dst_last_pkt_time":609998416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":2795,"flow_dst_tot_l4_payload_len":1792,"midstream":0,"thread_ts_usec":610177798,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":41,"avg":105317.3,"max":602060,"stddev":182193.2,"var":33194352640.0,"ent":3.4,"data": [500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443]},"pktlen": 
{"min":58,"avg":171.3,"max":900,"stddev":234.5,"var":54984.5,"ent":4.1,"data": [900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65]},"bins": {"c_to_s": [1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0],"entropies": [7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":608455689,"flow_src_last_pkt_time":610177798,"flow_dst_last_pkt_time":609998416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":2795,"flow_dst_tot_l4_payload_len":1792,"midstream":0,"thread_ts_usec":610177798,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":41,"avg":105317.3,"max":602060,"stddev":182193.2,"var":33194352640.0,"ent":3.4,"data": [500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443]},"pktlen": {"min":58,"avg":171.3,"max":900,"stddev":234.5,"var":54984.5,"ent":4.1,"data": [900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65]},"bins": {"c_to_s": [1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0],"entropies": [7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036]},"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":51,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":7138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663913332980371} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1663913332980371,"pkt":"iJCNB9vohKk4ukxYCABFAABkhQ9AAIAGAAAKyAN9k1ylwuHxAbtdIq0\/pMNUV1AYBAFHugAAFwMDADdo++xFfUkOJQ\/QhCWutve1sws40Q+84WpHcqg5rtUCVtgRpFPRgdwDdzjyMyfjtUsn0c73u5RW"} 
@@ -15,6 +15,7 @@ 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333003014,"flow_dst_last_pkt_time":1663913333003014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913333003014,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1663913333003014,"flow_dst_last_pkt_time":1663913333003014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663913333003014,"pkt":"iJCNB9vohKk4ukxYCABFAAA06jFAAIAGAAAKyAN9k1zy6OMwAbtw6B01AAAAAIAC+vCUsAAAAgQFtAEDAwgBAQQC"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913333054976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1663913333054976,"pkt":"hKk4ukxYwurksClYCABFAAAoCbxAADEG+LCTXKXCCsgDfQG74fGkw1RXXSKte1AQJV5brQAAAAAAAAAA"} 
+00919{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913333054976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913333054976,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1663913333055082,"flow_dst_last_pkt_time":1663913333054976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1663913333055082,"pkt":"iJCNB9vohKk4ukxYCABFAACGhRBAAIAGAAAKyAN9k1ylwuHxAbtdIq17pMNUV1AYBAFH3AAAFwMDAFkJDcRIAPsaOp6NKygBqLcxvAFoFYteZ9YbgX7H2lwkmBtvafz9xNjB4mJ2pbcySwaLuN6+ULfX0U5kuShpGqWTkiHitpHcOpN6wxdON5eCuFRLQmdwS7NJJA=="} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1663913333055082,"flow_dst_last_pkt_time":1663913333089410,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1663913333089410,"pkt":"hKk4ukxYwurksClYCABFAAAoCb1AADEG+K+TXKXCCsgDfQG74fGkw1RXXSKt2VAQJV5bTwAAAAAAAAAA"} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663913333055082,"flow_dst_last_pkt_time":1663913333160571,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"thread_ts_usec":1663913333160571,"pkt":"hKk4ukxYwurksClYCABFAACSCb5AADEG+ESTXKXCCsgDfQG74fGkw1RXXSKt2VAYJV73yQAAFwMDAGVpQgfoxWLrvBHqf+OHhpVDh3Xog4UQ4PIL6h3cjGyJvN9jRmMQ2v5niUoLLr8NhRFgbxlnXHalp1A9B5NQVDlA44SyvYja8FbWD0mA+GmL5k7wySr7fQguu0LEE8qEV5+oHONnwg=="} 
@@ -27,7 +28,7 @@ 01627{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333481395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3261,"midstream":0,"thread_ts_usec":1663913333481395,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","server_names":"*.line-apps.com,line-apps.com","ja3":"ca75ea4a95a9164cc96e372d7d075183","ja3s":"567bb420d39046dbfd1f68b558d86382","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=JP, ST=Tokyo-to, L=Shinjuku-ku, O=LINE Corporation, CN=*.line-apps.com","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1","fingerprint":"3C:37:D7:AB:BE:E6:5A:A5:BE:14:62:C8:21:8C:BC:E3:3E:A8:3E:96"}}} 
02188{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913336388129,"flow_dst_last_pkt_time":1663913336380823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":296,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":1142,"flow_dst_tot_l4_payload_len":1292,"midstream":1,"thread_ts_usec":1663913336388129,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6905,"avg":219619.7,"max":2533141,"stddev":601190.4,"var":361429958656.0,"ent":2.8,"data": [74605,74711,34434,71161,134842,63602,34330,34381,78205,122566,44300,34282,34254,68317,109320,41185,34458,34320,6905,46826,64547,58950,90163,2533141,2477508,34518,34165,78836,154671,69564,35143]},"pktlen": {"min":40,"avg":118.1,"max":374,"stddev":90.9,"var":8262.1,"ent":4.6,"data": [100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89]},"bins": {"c_to_s": [1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0],"entropies": 
[5.948760986,4.652828693,6.332477570,4.696306705,6.569760323,6.006792545,4.696306705,6.565413952,4.696306705,7.383316040,6.030017853,4.652828693,6.526851654,4.652828693,6.386383057,5.933434010,4.652828217,6.670314789,4.696306705,7.039282322,5.852028370,6.250293255,6.048403740,4.652828693,5.950967789,4.652828693,7.256349564,4.696306705,7.137952328,4.780641556,7.407141685,5.877035141]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 02329{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913342823022,"flow_dst_last_pkt_time":1663913342822836,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4192,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":633542.9,"max":7306445,"stddev":1725177.1,"var":2976235913216.0,"ent":2.7,"data": [237342,237605,1014,239671,1368,0,0,239919,3744,241388,238671,278520,277391,237506,0,0,237646,7029518,7306445,276831,237603,712,0,238338,524359,801600,277245,237667,0,0,237727]},"pktlen": {"min":40,"avg":272.5,"max":1500,"stddev":367.3,"var":134881.6,"ent":4.1,"data": [52,52,40,557,46,1500,1500,381,40,133,314,335,46,581,46,224,75,40,335,46,613,46,224,75,40,335,46,612,46,224,75,40]},"bins": {"c_to_s": [6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0],"entropies": [4.516527176,4.923395157,4.780641556,4.813910007,4.544876099,7.233272552,7.495951176,7.379673958,4.780641556,6.214868546,7.183261871,7.332785606,4.501397610,7.644387245,4.501397610,7.034603119,5.700131416,4.780641556,7.404506683,4.435436726,7.647257328,4.565871716,6.998442650,5.771955490,4.611769676,7.254877090,4.549460888,7.643351078,4.549460888,7.047076225,5.680000782,4.671928883]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -01078{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":22,"flow_first_seen":608455689,"flow_src_last_pkt_time":610324653,"flow_dst_last_pkt_time":610390479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4120,"flow_dst_tot_l4_payload_len":3018,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":22,"flow_first_seen":608455689,"flow_src_last_pkt_time":610324653,"flow_dst_last_pkt_time":610390479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4120,"flow_dst_tot_l4_payload_len":3018,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345063942,"flow_dst_last_pkt_time":1663913345063942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":853,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":853,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913345063942,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1663913345063942,"flow_dst_last_pkt_time":1663913345063942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":895,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":895,"pkt_l4_len":861,"thread_ts_usec":1663913345063942,"pkt":"iJCNB9vohKk4ukxYCABFAANxQEkAAIARAAAKyAN9k1ypWsfZcY4DXU5q21EDfwYCsDftA62ApMwfM37ZI9Q0qJcVA2+24MTytJtoPbFoYtvVtXvdQe7G+vNkHdVNTkaB7r0rAAAAKwdDz7dnddQSzJpDpiqbSrGFA6xzqQiWcs3ZbpWyKRD30SNFFEmMzPnd4y9oAixi1Jn\/KHGRdHcPcNHno5lEV5NUNwygknAaTuW5Fhkv31hKsKfXMdrXJqc9ngUTgmhB1IAnD\/XqN++J0EeWwXQWXAbuAYLV212eI8okXisddN6hPaDwTg+6Hqi51\/7tkfra+OZuRdsfJLY4P0ve0guKnejEs8dFreWeBszBmKahqBLDDm5r5LGGNENJW8J4kghY6omeYfbdPKC0DhBvpHm5tOyPNm5NbajbIeIMRVvje6lcp+7wIIH4CwFixuH1uDTOq8JkqYz3+zQu0y5hN\/48j6\/OKGLd6LBcYsIWAvFfH3h8cFWGg5FWeuksQ7KpS1g5PnxW1BA2Rz8+XboOW64\/nZNTZ2F0LemkEEHZdNOfCfsTRG7W+zNSkxcOMP1fWnWjDgPpMZQ9eSKRdsAxR4aw9graczj0WiVEFF51uhXaAo+PJmxwMxRi\/U\/lhvoS555BA0lejdkB5fPVli7S78Y\/OGtFgvJjCanPHSajVdXYMfxhErTrJUQjbC6bz8LrTWreS8e69y3vTPY3P3GW9fgT4WAK6YiXqiXHbjqI1KbvZqxTXCko4KbrwWm1VDEV2DTLraW5UVpDftaON2IjAk73ewWuck+hTwNv+2VfihBxmm2071H8A6if+tUV6NPGrFI93LWo4\/E+IQuLx6sF1VSZes1M0tp5EBg+5ijAAWhUeonTQZJizVQTIkCb0WcHlqvblCcMOcLnKQUwDqvkEHbe96N6e2KlSUyrHTgPzoVoWQgTbDCL+OOqpxB1CRmaRWyiOnHDaSseG76f6RQBrHEQHD7ecDNlAbfJPdHKCYE+F\/HOTpaTJlaRpzRaUPXG+PFnDKK+gRffUu37IfUYPd359K0poSNCMUmkFtNBRLlUhaCCCMkRIGP6MwAsuJHolxWY2b3ch4fGwEokOxiC+xvVInYPX1iGoC6hj9SR9dcB\/lQT\/VUWqnYiQQXbuWEsH25mN9C7SQMSmS2nxEyaBLycjD2+mSi8q+gl5g=="} 
01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345063942,"flow_dst_last_pkt_time":1663913345063942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":853,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":853,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913345063942,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -35,7 +36,7 @@ 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1663913345288989,"flow_dst_last_pkt_time":1663913345239687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1663913345288989,"pkt":"iJCNB9vohKk4ukxYCABFAAI5QEoAAIARAAAKyAN9k1ypWsfZcY4CJU0y0hkDgEoHzQbzbpAaHct8yLpOlx0zVYHLfb7Q2CpQXClMOTVD1qC\/ElAevWJfxK1\/597BRqrNz2epwf5MbyQyRz5XSf59YvYH8d\/tOs+sUHWhMJZmyPvrvajVIwyGjqg5aMehgW4uMF05PmQvg1rWPysgfqEebdAYD185RMqdeN6TRlAw3rfVsYnUFXsEJkLYXFLdzz5kgUVlyG1v12seuC2xwOzpj+8kT3RLLIrm\/MCRAJBfRGeYWc+awK2LgIOIKVBlE3PbocaEFAH2GrfBTvytKH753SC3Lj74hB9WDGSlcqi7uXuzWRBRn61Gusth2L2stepSzowM0njJyFpNadECVnkjnYnRc+ymasCP4aaU3Etp33s64h0o7SwXspPMQ+raq65bz8Ts8SiP1kjPgJhv1D27tfQDfueBNaGck6bx8QZwmxY4ekAIdFd0hRrJEpvMqI6+ShpMH7SnkFJmH56CCBPyHgHNLKNbj0OrZbVbW3+JD\/8QNvlGbXeY4ad2qI+6iwQ9T9+pupJk2PYzEZG66y4IX\/gw68iid3qi7F0BVebJfPbyYB6veXz3lR0lgqPJFVI8fUqK0jLu7DSrw\/3KwqDiqK6BTdcw7BE4rRFaK4PRHsoR7ivhMGb7ncAHk1d4smVRU0AMma9uod9ETVdoPVBQLpi+f0RBMDC+doKePX0rRAJ66cw8wbRbrCD582xLZ54b8wNbdhcJEw=="} 
01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1663913345289048,"flow_dst_last_pkt_time":1663913345239687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1663913345289048,"pkt":"iJCNB9vohKk4ukxYCABFAAI5QEsAAIARAAAKyAN9k1ypWsfZcY4CJU0y0hkDgUoHiKhGaAX5GuajEC5CtPFu0yothBhwyJ1zT9yaiU2LgzNclSnqSz\/zzULt6Yr2Uht1DpmH5gbu3LLsHNV6a14HBQCi8hJG1+TCP9cjocQr6hQcq3q\/O2k+\/RH\/vXoJFAVbZi72muarMz9Km4oEZULu0xNwcEy31AozwG+Fw0Lzts7\/XYXFUqN6MynVit8b0U8pCrhGVDy6qFcRmHuXnnIz4qqGL9wf+jJ9FOfDysrrRd0xX24xx+carokkIOa\/eHaeq7fI1cuvJV1Xdx28wszLbddDq4nb8BH+yPE0pqeN87MnRCNcaToV3O286Qsk\/kbH\/M3N2Z0GSKOE+CgeTnYHP4ri+yYMqPaeKplOBnl2PdJtF5SFk5MsMwnKFFJia7EclZPGnwgp\/e3epaBtok0dVMY1OGVg\/Abq8NTgD8bYqo24tdoqiyH7qoUv3FCaCR2v1RtTlqlwGSmacQNUJTUfd1z8WfoTx\/TXXHmLpTGMJ035XrifRLyX5eNTMv+yDHCP0Vsc3Alvag+dgBD1CByE9NCAhN3HeXYAZdmFb21HcSAYP2LC73xTWJHc84431w1KbPG\/9OMNXAUIpnVN2I5fN88tXVL1EThAkin1a2FiwJksp+74jpvK8VOLSX1nxWX2eqQSqhBWi5NxklPiQiR9tUk7zNvTf1Nx\/0V5JPtwo+lGJIUb2OxgEDyg+yI3Ac\/cOm1CJU31aw=="} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1663913345289083,"flow_dst_last_pkt_time":1663913345239687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1663913345289083,"pkt":"iJCNB9vohKk4ukxYCABFAAI5QEwAAIARAAAKyAN9k1ypWsfZcY4CJU0y0hkDgkoH4fXjR78UbBk55bC11tKoet8mWsuofGTVg3BDDueInFq4I2GHIgjJ4u0feEmKlgylyNuTHlxQZc4kH2D\/VY\/VmE46hmqP2oVMjLDXdADwzICO2nyNfpPRWjFRBRR8I4\/VTiJc59XSw6xVKVl+Kltfh2iUVOzTJPxnbYbotdp6D+wgeMUI3WneAvmGtJnJWORgIjgJlaz2ZOanLkN+pFe+jFVSIRwZLIUs8ybS8fHsA85ykwXp0TNJKmBf2pX0EtwanAoUKSCQ6Okumir6819kZMt14QUNfNQanyhsc0WgwnyrobrwZlS1Ic1rX8xoH2MMZGSbt7hIKlWQtuwURlDeoYU9N33anPoFEN5C61vANKW3yqCivFfa5WYFTLqTN9loxIWnygng6F44dvfWKkGIxM6TNZOy84AqtXHeXHpKtnN4rkKnxizdaZyH4BDvwahiJKQQ+0MrdjJanZ2FovMNYlTt3pByQRjjsTlwBRrkhBVGbH10clpFK3srMAWg5I8D9ngdbhTIden3xe\/sKWF1GJnLBrQml3xeBJ4ertZhyVIrr4QiXwfHFFfVpBvoGK8v+HpMYZJLms5ZvEgtsEGGSyKy8odQX4opkjNoALJOy\/CyMc9Xjvc0WqtaILNMHn6Kl9AAcyq6PssvKqRJv5HOvA8GUrutq9Atzc6rjH5SKtx4+gDL7sOUAzCBL\/Bxs9kACdnOsqjuzw=="} 
-02245{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345289714,"flow_dst_last_pkt_time":1663913345324209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":9673,"flow_dst_tot_l4_payload_len":6723,"midstream":0,"thread_ts_usec":1663913345324209,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15678.7,"max":225047,"stddev":51123.4,"var":2613605376.0,"ent":1.5,"data": [175745,225047,59,35,38,31,59,34,37,32,38,31,36,30,43,29,35,45,113,84319,0,0,0,0,0,0,155,0,0,0,48]},"pktlen": {"min":59,"avg":540.4,"max":881,"stddev":131.0,"var":17170.0,"ent":4.9,"data": [881,419,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,59,161,398,570,570,570,570,570,570,570,570,570,570,570]},"bins": {"c_to_s": [1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [7.761873245,7.165147781,7.605986118,7.625072002,7.581394672,7.661452770,7.659568310,7.627281189,7.538283348,7.648130894,7.648977280,7.646443367,7.577320099,7.610880852,7.662839413,7.594055176,7.592848778,7.662833691,5.346174717,6.693209171,7.482118607,7.644935131,7.664292812,7.595146656,7.643230438,7.594839096,7.698119640,7.644002914,7.648988724,7.686812401,7.668937206,7.563340664]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02120{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345289714,"flow_dst_last_pkt_time":1663913345324209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":9673,"flow_dst_tot_l4_payload_len":6723,"midstream":0,"thread_ts_usec":1663913345324209,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15678.7,"max":225047,"stddev":51123.4,"var":2613605376.0,"ent":1.5,"data": [175745,225047,59,35,38,31,59,34,37,32,38,31,36,30,43,29,35,45,113,84319,0,0,0,0,0,0,155,0,0,0,48]},"pktlen": {"min":59,"avg":540.4,"max":881,"stddev":131.0,"var":17170.0,"ent":4.9,"data": [881,419,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,59,161,398,570,570,570,570,570,570,570,570,570,570,570]},"bins": {"c_to_s": [1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[7.761873245,7.165147781,7.605986118,7.625072002,7.581394672,7.661452770,7.659568310,7.627281189,7.538283348,7.648130894,7.648977280,7.646443367,7.577320099,7.610880852,7.662839413,7.594055176,7.592848778,7.662833691,5.346174717,6.693209171,7.482118607,7.644935131,7.664292812,7.595146656,7.643230438,7.594839096,7.698119640,7.644002914,7.648988724,7.686812401,7.668937206,7.563340664]},"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367738267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":160,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913367738267,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367738267,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_usec":1663913367738267,"pkt":"wurksClYhKk4ukxYCABFAAC8Sc8AAIARAAAKyAN9k1ypWsficY4AqEu12JwAcgYC51R82\/sdO99W+wDF9jRfrb04AvdMqXgb50wZvLLuXlSCkyWjcTUi\/cKTsgFGYmcKIB96AAAAGFLc1BqRYT1Dm7zdTADjC6LfWNOY+ZEwbJI1TuqdH\/4lX1PnX5ypdPBspPInQ5c4Diw4J3pBlZs8ubDt+Nn49oFw4dOAHrwEcHe9mQwlyS\/LIDR3HXQdhB1FkyUfjGy7C74gwQ=="} 01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367738267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":160,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913367738267,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -43,12 +44,12 @@ 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1663913369776646,"flow_dst_last_pkt_time":1663913367772993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1663913369776646,"pkt":"wurksClYhKk4ukxYCABFAACgSvMAAIARAAAKyAN9k1ypWsficY4AjEuZ0IAAcxhuz\/CknxAHtn8nVIbxa5FdzvAXUDYRrC1vYGBs6gl2kDv+IDfonNzdmBmoe1ShAHocyanQTqCjjGpx7UoS9VROkFCk9NWJIOfeGjaMAKvNsC88xDjwB9Vf\/kaqamTnUDt+e8vVH\/mBL1fPG5HkHujr+Y+mBI6BFFwwBw4z1XDu"} 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1663913369776646,"flow_dst_last_pkt_time":1663913369810719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1663913369810719,"pkt":"hKk4ukxYwurksClYCABFAAC4R8BAADERtnmTXKlaCsgDfXGOx+IApJqp0JgCChiGWLDhCymPOiA7GOihUKqK90TkrcqFwullJAEV2oADnWihdbyc6q\/nasDV+Dh7A70pIhdCEfNArR1c\/WhebhyTFFePqAFlbq1OzARGumdiSRhxlNcCjkr6Q2K08GtRKaw\/NnxYXqK5UjlCvzZGM4WI18t7ZD6sNk4z6FH7+I3LIDMZGWElUUwTstmPxEW8Fmp9UpUHCUfq"} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1663913371776534,"flow_dst_last_pkt_time":1663913369810719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1663913371776534,"pkt":"wurksClYhKk4ukxYCABFAACgTAsAAIARAAAKyAN9k1ypWsficY4AjEuZ0IAAdBhu88EWWQL4L1LbfqJDYnRGb01n1sKe0lvHVBBVqL892BxEkY41O\/gD87wC+rkYULF+KivffNKDYpmu8Lr2YTMKuqmgFw81LNTiXLlSmUStTYkycWllbdexMt40BG5jgNMIyhppdjzjK900bA0+E\/u\/TLw5WKXLjH9MQPIR88Dz"} -01104{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913403056559,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913403056559,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":41,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913418926686,"flow_dst_last_pkt_time":1663913418885464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3138,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":4954,"flow_dst_tot_l4_payload_len":2495,"midstream":1,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":21,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913402819217,"flow_dst_last_pkt_time":1663913403056559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4223,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913375776479,"flow_dst_last_pkt_time":1663913375810399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":290,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1663913418926686} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913375776479,"flow_dst_last_pkt_time":1663913375810399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":290,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1663913418926686} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 290/290 ~~ skipped flows.............: 0 |