diff options
Diffstat (limited to 'test/results/default/pps.pcap.out')
| -rw-r--r-- | test/results/default/pps.pcap.out | 92 |
1 files changed, 69 insertions, 23 deletions
diff --git a/test/results/default/pps.pcap.out b/test/results/default/pps.pcap.out index e142fc386..ce574d5e8 100644 --- a/test/results/default/pps.pcap.out +++ b/test/results/default/pps.pcap.out @@ -145,18 +145,22 @@ 01833{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":994,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353138757317,"flow_src_last_pkt_time":1467353138757317,"flow_dst_last_pkt_time":1467353138757317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353138757317,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"api.cupid.iqiyi.com","http": {"url":"api.cupid.iqiyi.com\/track2?a=1&as=1;2,3;4,5&b=1467353138&c=ae87cb3cfdf494aa48dc608909f69250&cv=5.2.15.2240&d=5000000858874&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000927558&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=aea56a808fc92ef360519121948e0f27&sv=4.10.004&u=1&up=&v=5000000859124&ve=1&w=2,3","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00780{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1467353138757540,"flow_dst_last_pkt_time":1467353138757317,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1467353138757540,"pkt":"TF4M6gNlABxCjnAxCABFAADjA1pAAIAGlRvAqHMIZePIC8UfAFBKp6XxWDmKmFAY\/\/B4OwAAc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="} 00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1467353138757540,"flow_dst_last_pkt_time":1467353138794624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_usec":1467353138794624,"pkt":"ABxCjnAxTF4M6gNlCABFAAEkTcBAAC8Gm3Rl48gLwKhzCABQxR9YOYqYSqemrFAYSdTGUAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM4IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAyDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCm9r"} +01857{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":996,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353138757317,"flow_src_last_pkt_time":1467353138757540,"flow_dst_last_pkt_time":1467353138794624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":252,"flow_src_tot_l4_payload_len":1447,"flow_dst_tot_l4_payload_len":252,"midstream":1,"thread_ts_usec":1467353138794624,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"api.cupid.iqiyi.com","http": {"url":"api.cupid.iqiyi.com\/track2?a=1&as=1;2,3;4,5&b=1467353138&c=ae87cb3cfdf494aa48dc608909f69250&cv=5.2.15.2240&d=5000000858874&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000927558&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=aea56a808fc92ef360519121948e0f27&sv=4.10.004&u=1&up=&v=5000000859124&ve=1&w=2,3","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353138931591,"flow_src_last_pkt_time":1467353138931591,"flow_dst_last_pkt_time":1467353138931591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":653,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":653,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":653,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353138931591,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1467353138931591,"flow_dst_last_pkt_time":1467353138931591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":707,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":707,"pkt_l4_len":673,"thread_ts_usec":1467353138931591,"pkt":"TF4M6gNlABxCjnAxCABFAAK1A3VAAIAG1W7AqHMIe31wMcUgAFAUdsqc+xrYh1AYQTe7PAAAR0VUIC9jbGs\/NTNlMjVlMzNlMDY0YzY1N2MwNmI1NThlNWMzYzMzZmQgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBjbGljay5obS5iYWlkdS5jb20NCkNvb2tpZTogSE1BQ0NPVU5UPTg4Q0M2OUIwNEM5RDYyOUE7IEJBSURVSUQ9MjEwMkRDNzUxRUQwREYzNkUzRDZDRjZDMjEwRkFCNzk6Rkc9MQ0KDQo="} 01411{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353138931591,"flow_src_last_pkt_time":1467353138931591,"flow_dst_last_pkt_time":1467353138931591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":653,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":653,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":653,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353138931591,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.hm.baidu.com","http": {"url":"click.hm.baidu.com\/clk?53e25e33e064c657c06b558e5c3c33fd","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 01446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1467353138931591,"flow_dst_last_pkt_time":1467353139050485,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":744,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":744,"pkt_l4_len":710,"thread_ts_usec":1467353139050485,"pkt":"ABxCjnAxTF4M6gNlCABFAALaH2hAAC0GDFd7fXAxwKhzCABQxSD7GtiHFHbNKVAYADhuxwAASFRUUC8xLjEgMzAyIEZvdW5kDQpMb2NhdGlvbjogaHR0cHM6Ly95b3V0dS5iZS85b3ZjSndDN0FFYw0KU2V0LUNvb2tpZTogSF9NS1RfQ0xLSUQ9MDAwMDAwMDE1OWRhMTZiODU3NzYwODMyNWEwOGEzNzYwMDAwMDAyMDM1MzM2NTMyMzU2NTMzMzM2NTMwMzYzNDYzMzYzNTM3NjMzMDM2NjIzNTM1Mzg2NTM1NjMzMzYzMzMzMzY2NjQwMDAwMDAwODc5NmY3NTc0NzUyZTYyNjU7IFBhdGg9LzsgRG9tYWluPWhtLmJhaWR1LmNvbTsgRXhwaXJlcz1GcmksIDAxIEp1bCAyMDE2IDA2OjM1OjM4IEdNVA0KU2V0LUNvb2tpZTogSF9NS1RfQ0xLTE9HPTAwMDAwMDAxNTlkYTE2Yjg1Nzc2MDgzMjVhMDhhMzc2MDAwMDAwMjAzNTMzNjUzMjM1NjUzMzMzNjUzMDM2MzQ2MzM2MzUzNzYzMzAzNjYyMzUzNTM4NjUzNTYzMzM2MzMzMzM2NjY0MDAwMDAwMDg3OTZmNzU3NDc1MmU2MjY1OyBQYXRoPS87IERvbWFpbj1obS5iYWlkdS5jb207IEV4cGlyZXM9RnJpLCAwMSBKdWwgMjAxNiAwNjozNTozOCBHTVQNClAzUDogQ1A9IkNVUmEgQURNYSBERVZhIFBTQW8gUFNEbyBPVVIgQlVTIFVOSSBQVVIgSU5UIERFTSBTVEEgUFJFIENPTSBOQVYgT1RDIE5PSSBEU1AgQ09SIg0KQ29ubmVjdGlvbjogY2xvc2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM4IEdNVA0KU2VydmVyOiBhcGFjaGUNCg0K"} +01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353138931591,"flow_src_last_pkt_time":1467353138931591,"flow_dst_last_pkt_time":1467353139050485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":653,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":653,"flow_dst_max_l4_payload_len":690,"flow_src_tot_l4_payload_len":653,"flow_dst_tot_l4_payload_len":690,"midstream":1,"thread_ts_usec":1467353139050485,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.hm.baidu.com","http": {"url":"click.hm.baidu.com\/clk?53e25e33e064c657c06b558e5c3c33fd","code":302,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353139305921,"flow_src_last_pkt_time":1467353139305921,"flow_dst_last_pkt_time":1467353139305921,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":226,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353139305921,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1467353139305921,"flow_dst_last_pkt_time":1467353139305921,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_usec":1467353139305921,"pkt":"TF4M6gNlABxCjnAxCABFAAEKA4dAAIAGQVvAqHMIy0K2GMUiAFDWCs3i1IWCxVAYAQQdEwAAR0VUIC9vY3NwL01Fa3dSekJGTUVNd1FUQUpCZ1VyRGdNQ0dnVUFCQlR5NEdyNWhZb2RqWENiU1JramVxbTFHaWglMkJaQVFVU3QwR0ZodTg5bWkxZHZXQnRydGlHcnBhZ1M4Q0NFWXJGWGtxMnVneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1pY3Jvc29mdC1DcnlwdG9BUEkvNi4xDQpIb3N0OiBjbGllbnRzMS5nb29nbGUuY29tDQoNCg=="} 01305{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353139305921,"flow_src_last_pkt_time":1467353139305921,"flow_dst_last_pkt_time":1467353139305921,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":226,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353139305921,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","http": {"url":"clients1.google.com\/ocsp\/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}}} 01541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1467353139305921,"flow_dst_last_pkt_time":1467353139309485,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":813,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":813,"pkt_l4_len":779,"thread_ts_usec":1467353139309485,"pkt":"ABxCjnAxTF4M6gNlCABFAAMfaWMAAD0GXGrLQrYYwKhzCABQxSLUhYLF1grOxFAYAO2vKAAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jc3AtcmVzcG9uc2UNCkRhdGU6IFR1ZSwgMjggSnVuIDIwMTYgMTc6MzQ6NDkgR01UDQpFeHBpcmVzOiBTYXQsIDAyIEp1bCAyMDE2IDE3OjM0OjQ5IEdNVA0KU2VydmVyOiBvY3NwX3Jlc3BvbmRlcg0KQ29udGVudC1MZW5ndGg6IDQ2Mw0KWC1YU1MtUHJvdGVjdGlvbjogMTsgbW9kZT1ibG9jaw0KWC1GcmFtZS1PcHRpb25zOiBTQU1FT1JJR0lODQpBZ2U6IDIxNzg0OQ0KQ2FjaGUtQ29udHJvbDogcHVibGljLCBtYXgtYWdlPTM0NTYwMA0KDQowggHLCgEAoIIBxDCCAcAGCSsGAQUFBzABAQSCAbEwggGtMIGWohYEFErdBhYbvPZotXb1gba7Yhq6WoEvGA8yMDE2MDYyODA3MDAxN1owazBpMEEwCQYFKw4DAhoFAAQU8uBq+YWKHY1wm0kZI3qptRoofmQEFErdBhYbvPZotXb1gba7Yhq6WoEvAghGKxV5KtroM4AAGA8yMDE2MDYyODA3MDAxN1qgERgPMjAxNjA3MDUwNzAwMTdaMA0GCSqGSIb3DQEBCwUAA4IBAQBKs877cfA5B2KGhwFSvIyUBYVxkUFjApJpIKog7zezUT4uRPAvbjktL\/Ds15nk8Y2Znhsf4SdVmf8GlloCQ6IXimfBklwRGn8\/72t77ZQLcabmXBFNBqyfqmRrW1O7lFh1alLxLnbN6PNKIPNv7dkTJVq4NRpJC1H3sykeA3XbH5EEaxhdvWFd1bsvybTiEgn7Bn5bpdXlExvoxRYuc7MLXQAUHRWSGKZpv+UniRokZRHgZy2GbGkQE8sf0PVCXrNjm4qsIXnQvqrF2J2xxFQ5x1wzU7J9l9Av+bPvuQI2mdLqvQskYq3tOxhJ6prFG9fcqt4lJS5E11mkG9tPXiAq"} +01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353139305921,"flow_src_last_pkt_time":1467353139305921,"flow_dst_last_pkt_time":1467353139309485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":226,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":759,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":759,"midstream":1,"thread_ts_usec":1467353139309485,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web","hostname":"clients1.google.com","http": {"url":"clients1.google.com\/ocsp\/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz","code":200,"content_type":"application\/ocsp-response","user_agent":"Microsoft-CryptoAPI\/6.1"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353139505242,"flow_src_last_pkt_time":1467353139505242,"flow_dst_last_pkt_time":1467353139505242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":575,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":575,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":575,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353139505242,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01295{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1467353139505242,"flow_dst_last_pkt_time":1467353139505242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":629,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":629,"pkt_l4_len":595,"thread_ts_usec":1467353139505242,"pkt":"TF4M6gNlABxCjnAxCABFAAJnA5RAAIAG6ATAqHMIymwO28UjAFBUZatTb7o85VAYAQQGIwAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRzdGFydCZzdGFydHRtPTEwOTcmcmVzZXQ9MSZyYT0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxMTkmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 01565{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353139505242,"flow_src_last_pkt_time":1467353139505242,"flow_dst_last_pkt_time":1467353139505242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":575,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":575,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":575,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353139505242,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=11&ct=adstart&starttm=1097&reset=1&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353119&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1467353139505242,"flow_dst_last_pkt_time":1467353139595550,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353139595550,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5uuZAADMGf2DKbA7bwKhzCABQxSNvujzlVGWtklAYADcmHAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01590{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1002,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353139505242,"flow_src_last_pkt_time":1467353139505242,"flow_dst_last_pkt_time":1467353139595550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":575,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":575,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":575,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353139595550,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=11&ct=adstart&starttm=1097&reset=1&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353119&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":200,"content_type":"text\/html","user_agent":"QY-Player-Windows\/2.0.102"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1003,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353139627198,"flow_src_last_pkt_time":1467353139627198,"flow_dst_last_pkt_time":1467353139627198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":519,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":519,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":519,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353139627198,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1467353139627198,"flow_dst_last_pkt_time":1467353139627198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":573,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":573,"pkt_l4_len":539,"thread_ts_usec":1467353139627198,"pkt":"TF4M6gNlABxCjnAxCABFAAIvA51AAIAG6DPAqHMIymwO28UlAFD7uSUWcC90rlAYAQQTNwAAR0VUIC9jb3JlP3Q9NSZhPTImcmE9MSZwZj0yMDEmcD0xMSZwMT0xMTQmcDI9MzAwMCZzZGt0cD0xJmMxPTMxJnI9NDc5NTMxMDAwJmFpZD0xODA5MzIzMDEmdT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZwdT0mb3M9V2luZG93cyUyMDcmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxMzkmaXNsb2NhbD0wJmFzPTAzMTFjNWEwZDU1OTYwNjNkYjU5NDRiZDc2YjZjYmZmJnZlPWIxZjkwZjhkYTZmZTAyNThkMTM2MTZhODA3MGNiOTk3JnBlPSZ2ZnJtPSZjaGw9JmhjZG52PTEwLjAuMC4yOTMmdHBjZD0wJmlzZHJtPTEmaHQ9MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 01509{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1003,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353139627198,"flow_src_last_pkt_time":1467353139627198,"flow_dst_last_pkt_time":1467353139627198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":519,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":519,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":519,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353139627198,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} @@ -164,11 +168,14 @@ 01023{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1467353139662190,"flow_dst_last_pkt_time":1467353139662190,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1467353139662190,"pkt":"TF4M6gNlABxCjnAxCABFAAGaA59AAIAG6LXAqHMIymwO7MUmAFBtzkRVA7NFyFAYAQQzoQAAR0VUIC9iP3Q9NSZwZj0yMDEmcD0xMSZwMT0xMTQmYT0zNCZjdD1vbmNsaWNrJnR5cGU9cGMmYXM9JmNsdD1wY19wbGF5X3BsYXllcl9jbGljayZtdj01LjIuMTUuMjI0MCZwdT0mcm49MEZFMTcyRUM0NEM0NEI4NkFFRURFNTRBQTAwNTQxQzQ1NzQwNiZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9Mi4wLjEwMi4zMDE0NyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} 01383{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1004,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353139662190,"flow_src_last_pkt_time":1467353139662190,"flow_dst_last_pkt_time":1467353139662190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":370,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":370,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353139662190,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.iqiyi.com","http": {"url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1467353139662190,"flow_dst_last_pkt_time":1467353139771496,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_usec":1467353139771496,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0y0pAADMGbvDKbA7swKhzCABQxSYDs0XIbc5Fx1AYAB\/3XQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} +01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1005,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353139662190,"flow_src_last_pkt_time":1467353139662190,"flow_dst_last_pkt_time":1467353139771496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":370,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":370,"flow_dst_tot_l4_payload_len":140,"midstream":1,"thread_ts_usec":1467353139771496,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.iqiyi.com","http": {"url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147","code":200,"content_type":"text\/html","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1467353139627198,"flow_dst_last_pkt_time":1467353139779501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353139779501,"pkt":"ABxCjnAxTF4M6gNlCABFAAC58h9AADMGSCfKbA7bwKhzCABQxSVwL3Su+7knHVAYADbM\/QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01534{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353139627198,"flow_src_last_pkt_time":1467353139627198,"flow_dst_last_pkt_time":1467353139779501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":519,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":519,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":519,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353139779501,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":200,"content_type":"text\/html","user_agent":"QY-Player-Windows\/2.0.102"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1007,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353139819305,"flow_src_last_pkt_time":1467353139819305,"flow_dst_last_pkt_time":1467353139819305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":898,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":898,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":898,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353139819305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1467353139819305,"flow_dst_last_pkt_time":1467353139819305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":952,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":952,"pkt_l4_len":918,"thread_ts_usec":1467353139819305,"pkt":"TF4M6gNlABxCjnAxCABFAAOqA7FAAIAG5pPAqHMIymwO7MUnAFCB65R9kZemalAYQTdERQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9MXx8NzEwMDAwMDF8fDUwMDAwMDA4NTg4NzR8fDUwMDAwMDA5Mjc1NTh8fHJvbGwmYXM9JmF2PTQuMTAuMDA0JmI9MTgwOTMyMzAxJmM9MzEmY3Q9JmQ9MjE3NSZkaT0mZHA9JmU9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImZWM9JmVtPSZmaT0mZz0wJmw9TVRFNExqRTJNeTQ0TGprdyZtaz0mbnc9Jm9kPSZvaT0mcD10JnBwPSZyYz0tMSZyZD05MiZyaT0mcz0xNDY3MzUzMTM4MDQzJnNoPSZzcT0mc3c9JnQ9cyZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 01738{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1007,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353139819305,"flow_src_last_pkt_time":1467353139819305,"flow_dst_last_pkt_time":1467353139819305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":898,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":898,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":898,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353139819305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1&rd=92&ri=&s=1467353138043&sh=&sq=&sw=&t=s&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1467353139819305,"flow_dst_last_pkt_time":1467353139866496,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353139866496,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5KWZAADMGENDKbA7swKhzCABQxSeRl6ZqgeuX\/1AYACHEyQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1008,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353139819305,"flow_src_last_pkt_time":1467353139819305,"flow_dst_last_pkt_time":1467353139866496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":898,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":898,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":898,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353139866496,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1&rd=92&ri=&s=1467353138043&sh=&sq=&sw=&t=s&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":200,"content_type":"image\/gif","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353140628897,"flow_src_last_pkt_time":1467353140628897,"flow_dst_last_pkt_time":1467353140628897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1046,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1046,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1046,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353140628897,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01926{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1467353140628897,"flow_dst_last_pkt_time":1467353140628897,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1100,"pkt_l4_len":1066,"thread_ts_usec":1467353140628897,"pkt":"TF4M6gNlABxCjnAxCABFAAQ+A+YAAIAGJdrAqHMIymwO3cUqAFDSWIZQbAIVvVAYKACmwAAAR0VUIC9iP2MxPTYmczE9MSZtYWNpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZjaGFubmVsaWQ9MDAwJm51PSZlPTEzNTI1Mjgmc2U9MTI1MzgxMSZyPTUwMDQ5NDYwMCZhZHVpZD1kMDdkZmQzMGYwZWU0ZTQ4YmJjYWYxMjA4Yzc1ODQ3MSZjdG09MTM3NTIxMSZwbGF5c291cmNlPTAwMTAwNDAwMCZ2aWQ9NTYyZTI2Y2FlZDU2OTU5MDAyMTJlYjMyNTkwNzBmOGEmYWxidW1pZD01MDA0OTQ2MDAmcmE9MiZ0ZD0yMjY1MiZzdWNjZXNzaW9uPTQmdHlwZT0xJnZmcm09My0wMDEwMDQwMDAtY19jb3JnaS0wJmJ1Y2tldD1jX2NvcmdpX21haW4mcmF0cD0xJnBsYXltb2RlPTEmaHU9LTEmaHQ9MCZhcD0wJnQ9MjAxJmN0PWNsdF9fcGxfcGxheSZ2ZT0xMzUyNTI4JnBmPTIwMSZwPTExJnAxPTExNCZwMj0xMDExJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9JnY9Mi4wLjEwMi4zMDE0NyZkZT1hMGVlNzdhNTYzODg5N2JlYmZkODU1NWIzMjcwYmVmNiZtdj01LjIuMTUuMjI0MCZrdj0xMC4wLjAuMjkzJnNvdXJjZTE9bWluaXBsYXllciZzb3VyY2UyPW1pbmlwbGF5ZXImc291cmNlMz0lZTUlYjAlOGYlZTYlOTIlYWQlZTYlOTQlYmUlZTUlOTklYTgmc291cmNlND0lZTUlYjAlOGYlZTYlOTIlYWQlZTYlOTQlYmUmcGxheV9zb3VyY2U9MSZvcHQ9MCZjbHQ9aG9tZWRsJnNjZW5lPTEmcm49MDAwMDAwMDE0NjczNTMxNDAgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMDsgQ0lCQTsgQWxleGEgVG9vbGJhcjsgWnVuZSA0LjcpDQpIb3N0OiBtc2cuaXFpeWkuY29tDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29va2llOiB0YnZlcj1hbHhpLTkuMzk7IGFpZD1kbWVrYzFhUEMzMDA4cA0KDQo="} 02079{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1009,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353140628897,"flow_src_last_pkt_time":1467353140628897,"flow_dst_last_pkt_time":1467353140628897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1046,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1046,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1046,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353140628897,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.iqiyi.com","http": {"url":"msg.iqiyi.com\/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=22652&succession=4&type=1&vfrm=3-001004000-c_corgi-0&bucket=c_corgi_main&ratp=1&playmode=1&hu=-1&ht=0&ap=0&t=201&ct=clt__pl_play&ve=1352528&pf=201&p=11&p1=114&p2=1011&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&v=2.0.102.30147&de=a0ee77a5638897bebfd8555b3270bef6&mv=5.2.15.2240&kv=10.0.0.293&source1=miniplayer&source2=miniplayer&source3=%e5%b0%8f%e6%92%ad%e6%94%be%e5%99%a8&source4=%e5%b0%8f%e6%92%ad%e6%94%be&play_source=1&opt=0&clt=homedl&scene=1&rn=00000001467353140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA; Alexa Toolbar; Zune 4.7)","detected_os":"Windows 7"}}} @@ -176,22 +183,27 @@ 01711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1467353140655019,"flow_dst_last_pkt_time":1467353140655019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":941,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":941,"pkt_l4_len":907,"thread_ts_usec":1467353140655019,"pkt":"TF4M6gNlABxCjnAxCABFAAOfA+lAAIAG5mbAqHMIymwO7MUrAFDgGmOz15qFMlAYQTe3tgAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjoxfDImYXY9NC4xMC4wMDQmYj0yMDQwNzY3MDEmYz02JmN0PTUwMDAwMDA5MjY3OTUmZD0xNTgmZGk9JmRwPTcxMDAwMDAxJmU9NTEyYWI3N2RlN2Y2N2Q0OWYyNGQzNTExNzc4MjIwZDAmZWM9JmVtPSZmaT0mZz0wJmw9TVRFNExqRTJNeTQ0TGprdyZtaz0mbnc9Jm9kPTUwMDAwMDA4NTYzNDQmb2k9JnA9YSZwcD0mcmM9JnJkPSZyaT0mcz0xNDY3MzUzMTM5MDU3JnNoPSZzcT0mc3c9JnQ9c3AmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NTAwNDk0NjAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="} 01727{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1010,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353140655019,"flow_src_last_pkt_time":1467353140655019,"flow_dst_last_pkt_time":1467353140655019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353140655019,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353139057&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=500494600&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1467353140628897,"flow_dst_last_pkt_time":1467353140677489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_usec":1467353140677489,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0b19AADMGyurKbA7dwKhzCABQxSpsAhW90liKZlAYABAfBgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} +02104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1011,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353140628897,"flow_src_last_pkt_time":1467353140628897,"flow_dst_last_pkt_time":1467353140677489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1046,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1046,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":1046,"flow_dst_tot_l4_payload_len":140,"midstream":1,"thread_ts_usec":1467353140677489,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.iqiyi.com","http": {"url":"msg.iqiyi.com\/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=22652&succession=4&type=1&vfrm=3-001004000-c_corgi-0&bucket=c_corgi_main&ratp=1&playmode=1&hu=-1&ht=0&ap=0&t=201&ct=clt__pl_play&ve=1352528&pf=201&p=11&p1=114&p2=1011&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&v=2.0.102.30147&de=a0ee77a5638897bebfd8555b3270bef6&mv=5.2.15.2240&kv=10.0.0.293&source1=miniplayer&source2=miniplayer&source3=%e5%b0%8f%e6%92%ad%e6%94%be%e5%99%a8&source4=%e5%b0%8f%e6%92%ad%e6%94%be&play_source=1&opt=0&clt=homedl&scene=1&rn=00000001467353140","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA; Alexa Toolbar; Zune 4.7)","detected_os":"Windows 7"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353140709487,"flow_src_last_pkt_time":1467353140709487,"flow_dst_last_pkt_time":1467353140709487,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":890,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":890,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":890,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353140709487,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1467353140709487,"flow_dst_last_pkt_time":1467353140709487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":944,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":944,"pkt_l4_len":910,"thread_ts_usec":1467353140709487,"pkt":"TF4M6gNlABxCjnAxCABFAAOiA\/BAAIAG5m3AqHMIymwO28UpAFCvhj83b730NFAYAQRULwAAR0VUIC9jb3JlP3Q9MSZyZXNldD0wJnZmcm10cD0xJnRtMT0mdG0yPTAmdG0yMT0wJnRtMjI9MCZ0bTIzPTAmdG0yND0wJnRtMz0xMTcmdG0zMT0wJnRtMzI9NDcmdG0zMz03OCZ0bTM0PTEmdG00PTEzNyZ0bTQxPTAmdG00Mj0xNiZ0bTQzPTEyNSZ0bTQ0PTImdG01PTE2NSZ0bTUxPTAmdG01Mj0wJnRtNTM9MCZ0bTU0PTEwJnRtNj0mdG02Mj0wJnRtNjM9MCZ0bTc9MCZ0bTcxPTAmdG03Mj0wJnRtNzM9MCZ0bTg9MCZ0bTgxPTAmdG04Mj0wJnRtODM9MCZ0bTk9OTE2JnRtOTI9MTYmdG05Mz02MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZyYT0yJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNDAmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 01880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353140709487,"flow_src_last_pkt_time":1467353140709487,"flow_dst_last_pkt_time":1467353140709487,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":890,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":890,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":890,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353140709487,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=916&tm92=16&tm93=62&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=2&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1467353140655019,"flow_dst_last_pkt_time":1467353140720033,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353140720033,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5F1lAADMGIt3KbA7swKhzCABQxSvXmoUy4BpnKlAYACB7oAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01752{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353140655019,"flow_src_last_pkt_time":1467353140655019,"flow_dst_last_pkt_time":1467353140720033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353140720033,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353139057&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=500494600&vv=5.2.15.2240&x=&y=qc_100001_100140","code":200,"content_type":"image\/gif","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1014,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353140755684,"flow_src_last_pkt_time":1467353140755684,"flow_dst_last_pkt_time":1467353140755684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":602,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":602,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":602,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353140755684,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01334{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1467353140755684,"flow_dst_last_pkt_time":1467353140755684,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":656,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":656,"pkt_l4_len":622,"thread_ts_usec":1467353140755684,"pkt":"TF4M6gNlABxCjnAxCABFAAKCA\/NAAIAGOsjAqHMIZeMgJ8UsAFDdytkdPM+rpVAY\/\/BCUgAAR0VUIC92aS81MDA0OTQ2MDAvNTYyZTI2Y2FlZDU2OTU5MDAyMTJlYjMyNTkwNzBmOGEvP3NyYz0xXzExXzExNCBIVFRQLzEuMQ0KSG9zdDogY2FjaGUudmlkZW8uaXFpeWkuY29tDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29va2llOiBwcHNfY2xpZW50X3ZlcjI9NS4yLjE1LjIyNDA7IFQwMDQwND00ZTNhZTQxNWE1ODQ3NDhhYzlhYTMxNjI4ZjM5ZDFlODsgX3Bwc19pdmk9Vms0OU1UWXdOVEExTGFXL3BQbWhSejgvUDZUYXBFZW11RDgvcE0rd1pqOHRwTFd4M3pnd3Bsby9wR2FvY1NaV1VEMHhKbFpEUFQ4L1B6OCtwTFd4M3pnd3Bsby9wR2FvY1NaV1NqMHRNU1pXVXoxV0psWkVQU1pXVkZ0QlhUMHlNVGMxSmxaTlBTWldWajAxTGpJdU1UVXVNakkwTUNaV1ZUMW9kSFJ3T2k4dmQzZDNMbWx4YVhscExtTnZiUzkyWHpFNWNuSnNkblY0YkdjdWFIUnRiQT09OyBRQzAwNj11NTQ5dnB6MTBsOWZrYXR1bTRhbHc0YnA7IFFDMDA4PTE0NjY2NDU4MTYuMTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE7IEhtX2x2dF81M2I3Mzc0YTYzYzM3NDgzZTVkZDk3ZDc4ZDliYjM2ZT0xNDY2NjQ1ODE3OyBRQzAwNT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KDQo="} 01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1014,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353140755684,"flow_src_last_pkt_time":1467353140755684,"flow_dst_last_pkt_time":1467353140755684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":602,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":602,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":602,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353140755684,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"cache.video.iqiyi.com","http": {"url":"cache.video.iqiyi.com\/vi\/500494600\/562e26caed5695900212eb3259070f8a\/?src=1_11_114","code":0,"content_type":"","user_agent":""}}} 01899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1467353140755684,"flow_dst_last_pkt_time":1467353140794121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"thread_ts_usec":1467353140794121,"pkt":"ABxCjnAxTF4M6gNlCABFAAQovhBAADEGzgRl4yAnwKhzCABQxSw8z6ul3crbd1AQPSRKcgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkFjY2Vzcy1Db250cm9sLUFsbG93LUNyZWRlbnRpYWxzOiB0cnVlDQoNCmQ0OQ0KeyJjblByZW1UaW1lIjowLCJlZGl0b3JJbmZvIjoiIiwidmlkZW9RaXB1SWQiOjUwMDQ5NDYwMCwicmV3YXJkQWxsb3dlZCI6MCwibnVybCI6IiIsInN1cElkIjowLCJvbmxpbmVTdGF0dXMiOjEsImR0eXBlIjozLCJwdnUiOiIiLCJpc3N1ZVRpbWUiOjIwMTYwNjI1LCJ3cml0ZXIiOiIiLCJpc1RvcENoYXJ0IjowLCJxaXlpUGxheVN0cmF0ZWd5Ijoi5q+P5ZGo5LqU5ZGo5YWtMjA6MDAiLCJ1cCI6IjIwMTYtMDYtMjkgMTk6NDc6MDIiLCJpcExpbWl0IjowLCJ1biI6IiIsImV4Y2x1c2l2ZSI6MSwidm4iOiLjgIrkuIDmtL7mlrnoqIDjgItDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwicHR1cmwiOiIiLCJzdGFydFRpbWUiOi0xLCJzdCI6MjAwLCJ0eSI6MjAxNjA2MjUsInNtIjowLCJzaG93Q2hhbm5lbElkIjo2LCJwb3Z1IjoiIiwicHJvZHVjZXJzIjoiIiwiZXRtIjoiIiwic3VwTmFtZSI6IiIsInR2RW5hbWUiOiIiLCJzYyI6MCwiY2MiOjAsIm1kb3duIjowLCJwYW5vIjp7InR5cGUiOjF9LCJtYWluQWN0b3JSb2xlcyI6W10sInN1YktleSI6IjIwNDA3NjcwMSIsImFwaWMiOiJodHRwOlwvXC9waWM1LnFpeWlwaWMuY29tXC9pbWFnZVwvMjAxNjA2MjVcL2Q3XC81OVwvdl8xMTA1ODM2NjZfbV82MDEuanBnIiwiZXMiOjEsInByb2R1Y2VyIjoiIiwiZW5kVGltZSI6LTEsImF1IjoiaHR0cDpcL1wvd3d3LmlxaXlpLmNvbVwvdl8xOXJybGpmM2hnLmh0bWwiLCJjaXJjbGUiOnsidHlwZSI6MiwiaWQiOjIwNQ=="} +01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1015,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353140755684,"flow_src_last_pkt_time":1467353140755684,"flow_dst_last_pkt_time":1467353140794121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":602,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":602,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":602,"flow_dst_tot_l4_payload_len":1024,"midstream":1,"thread_ts_usec":1467353140794121,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"cache.video.iqiyi.com","http": {"url":"cache.video.iqiyi.com\/vi\/500494600\/562e26caed5695900212eb3259070f8a\/?src=1_11_114","code":200,"content_type":"text\/html","user_agent":""}}} 01899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1467353140755684,"flow_dst_last_pkt_time":1467353140794124,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"thread_ts_usec":1467353140794124,"pkt":"ABxCjnAxTF4M6gNlCABFAAQovhFAADEGzgNl4yAnwKhzCABQxSw8z6+l3crbd1AQPSTsVQAANDczOTQ3fSwiaXNEaXNwbGF5Q2lyY2xlIjoxLCJwYXlNYXJrIjowLCJwbGMiOnsiNCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxMCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCI1Ijp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjExIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjEyIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjciOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTgiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTMiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTQiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiOCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjkiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiNiI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxNiI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxNSI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIzIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjE3Ijp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjIiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMjEiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTkiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMjAiOnsiY29hIjoxLCJkb3duQWxkIjoxfX0sIm50dmQiOjAsInR2Rm9jdXNlIjoi6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwiY1R5cGUiOjcsInFpeWlQcm9kdWNlZCI6MSwidm90ZXMiOltdLCJhbGJ1bVFpcHVJZCI6NTAwNDk0NjAwLCJjYXRlZ29yeUtleXdvcmRzIjoi57u86Im6LDUwMDQ5NDYwMCwwLGh0dHA6XC9cL2xpc3QuaXFpeWkuY29tXC93d3dcLzZcLy0tLS0tLS0tLS0tLS0tLS0tLS5odG1sIOWGheWcsCwxNTEsMSxodHRwOlwvXC9saXN0LmlxaXlpLmNvbVwvd3d3XC82XC8xNTEtLS0tLS0tLS0tLS0tLS0tLS0uaHRtbCDlhbblroMsMTYxLDIsaHR0cDpcL1wvbGlzdC5pcWl5aS5jb21cL3d3d1wvNlwvLTE2MS0tLS0tLS0tLS0tLS0tLS0tLmh0bWwg5q2M6IieLDIxMjEsMixodHRwOlwvXC9saXN0LmlxaXlpLmNvbVwvd3d3XC82XC8tMjEyMS0tLS0tLS0tLS0tLQ=="} 01904{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1467353140755684,"flow_dst_last_pkt_time":1467353140794125,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"thread_ts_usec":1467353140794125,"pkt":"ABxCjnAxTF4M6gNlCABFAAQovhJAADEGzgJl4yAnwKhzCABQxSw8z7Ol3crbd1AQPSQ64AAALS0tLS0uaHRtbCIsImlkbCI6MSwic3RtIjoiIiwiYXN1YnQiOiLkuKrmgKfnlLflrannu4TlkIhDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwiZm9sbG93ZXJDb3VudCI6MCwiY29hIjowLCJrZXl3b3JkIjoi5Y2B5LiJ5Lq\/5YiG6LSd5LmL5LiA5rS+5pa56KiAIiwiYXV0aG9ycyI6IiIsInNpZCI6MjA0MDc2NzAxLCJudmlkIjoiIiwidWlkIjo0NjMzNzI2NzkwLCJhaWQiOjUwMDQ5NDYwMCwiZCI6IiIsInZpZCI6IjU2MmUyNmNhZWQ1Njk1OTAwMjEyZWIzMjU5MDcwZjhhIiwiZHRzIjoiMjAxNjA2MjkxOTQ3MDIiLCJlIjoiIiwiYW4iOiLjgIrkuIDmtL7mlrnoqIDjgItDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwic3RsIjp7ImQiOiJodHRwOlwvXC9tZXRhLnZpZGVvLnFpeWkuY29tIiwic3RsIjpbXX0sImluZm8iOiLjgIrkuIDmtL7mlrnoqIDjgItDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwiaXMzRCI6MCwiaXMiOjEsInRwbCI6W10sImZscHBzIjpbXSwiZmwiOltdLCJxdElkIjoxMzYxNjkxNSwiYXIiOiLlhoXlnLAiLCJzIjoi5Y2B5LiJ5Lq\/5YiG6LSd5LmL5LiA5rS+5pa56KiAIiwiYSI6IiIsInBwc3VwbG9hZGlkIjowLCJ0dmlkIjo1MDA0OTQ2MDAsImFjdG9ycyI6W10sInVzZXJWaWRlb2NvdW50IjowLCJtYSI6IiIsInJld2FyZE1lc3NhZ2UiOiIiLCJ2VHlwZSI6MSwiYyI6NiwidnUiOiJodHRwOlwvXC93d3cuaXFpeWkuY29tXC92XzE5cnJsamYzaGcuaHRtbCIsInZwaWMiOiJodHRwOlwvXC9waWM1LnFpeWlwaWMuY29tXC9pbWFnZVwvMjAxNjA2MjVcL2Q3XC81OVwvdl8xMTA1ODM2NjZfbV82MDEuanBnIiwicHJldmlld0ltYWdlVXJsIjoiIiwidHZTZWFzb24iOjAsInBwc0luZm8iOnsibmFtZSI6IjE2MDYyNS3oirHnta7vvJrkuKrmgKfnlLflrannu4TlkIhDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLLeWNgeS4ieS6v+WIhui0neS5i+S4gOa0vuaWueiogCIsInNob3J0VGl0bGUiOiIxNjA2MjUt6Iqx57Wu7w=="} 01341{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1467353140755684,"flow_dst_last_pkt_time":1467353140794126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":663,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":663,"pkt_l4_len":629,"thread_ts_usec":1467353140794126,"pkt":"ABxCjnAxTF4M6gNlCABFAAKJvhNAADEGz6Bl4yAnwKhzCABQxSw8z7el3crbd1AYPSR27QAAvJrkuKrmgKfnlLflrannu4TlkIhDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLLeWNgeS4ieS6v+WIhui0neS5i+S4gOa0vuaWueiogCJ9LCJhbGJ1bUFsaWFzIjoi5Liq5oCn55S35a2p57uE5ZCIQy1CbG9ja+mVv+aymeivneOAiuiAgeihl+eahOWRs+OAiyIsImFsbG93RWRpdFZWSXFpeWkiOjAsImFjdG9yUm9sZXMiOltdLCJ0YWdzIjpbXSwiaXNQb3B1cCI6MSwicGQiOjEsInBsZyI6MTU4LCJsZyI6Miwic3ViVHlwZSI6MiwidXBPcmRlciI6MSwic2hvcnRUaXRsZSI6IkMtQmxvY2vjgIrogIHooZfnmoTlkbPjgIsiLCJwcmVzZW50b3IiOltdLCJwdWJUaW1lIjoiMTQ2Njg1MzYyMTAwMCIsImlmcyI6MSwiYm9zc1N0YXR1cyI6MCwidGciOiLlhoXlnLAg5YW25a6DIOatjOiIniIsImNvbW1lbnRBbGxvd2VkIjoxLCJwbGF0Zm9ybXMiOlsiUEhPTkUiLCJQQUQiLCJQQyIsIlBDX0FQUCIsIlRWIiwiUEhPTkVfV0VCX0lRSVlJIiwiUEFEX1dFQl9JUUlZSSJdLCJpc1ZpcCI6IiIsInN1cFR5cGUiOiIiLCJjcGEiOjEsInN1YnQiOiLkuKrmgKfnlLflrannu4TlkIhDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwidHZQaGFzZSI6MH0NCjANCg0K"} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1467353140709487,"flow_dst_last_pkt_time":1467353140888501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353140888501,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5fz1AADMGuwnKbA7bwKhzCABQxSlvvfQ0r4ZCsVAYADyHfQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01905{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1019,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353140709487,"flow_src_last_pkt_time":1467353140709487,"flow_dst_last_pkt_time":1467353140888501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":890,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":890,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":890,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353140888501,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=916&tm92=16&tm93=62&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=2&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":200,"content_type":"text\/html","user_agent":"QY-Player-Windows\/2.0.102"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1020,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353141138031,"flow_src_last_pkt_time":1467353141138031,"flow_dst_last_pkt_time":1467353141138031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353141138031,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1467353141138031,"flow_dst_last_pkt_time":1467353141138031,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_usec":1467353141138031,"pkt":"TF4M6gNlABxCjnAxCABFAAJYBBhAAIAG54\/AqHMIymwO28UtAFDtOXdacCs02FAYAQQdugAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRlbmQmcmVzZXQ9MCZyYT0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNDAmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 01550{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1020,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353141138031,"flow_src_last_pkt_time":1467353141138031,"flow_dst_last_pkt_time":1467353141138031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353141138031,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1021,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1467353141138031,"flow_dst_last_pkt_time":1467353141308906,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353141308906,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5uEFAADMGggXKbA7bwKhzCABQxS1wKzTY7Tl5ilAYADfR4AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01575{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1021,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353141138031,"flow_src_last_pkt_time":1467353141138031,"flow_dst_last_pkt_time":1467353141308906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353141308906,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":200,"content_type":"text\/html","user_agent":"QY-Player-Windows\/2.0.102"}}} 01720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1467353142534251,"flow_dst_last_pkt_time":1467353139866496,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_usec":1467353142534251,"pkt":"TF4M6gNlABxCjnAxCABFAAOkBEBAAIAG5grAqHMIymwO7MUnAFCB65f\/kZem+1AYQRL+yQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNDIwNDQmc2g9JnNxPSZzdz0mdD0xcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1467353142534251,"flow_dst_last_pkt_time":1467353142600485,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353142600485,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5KWdAADMGEM\/KbA7swKhzCABQxSeRl6b7geube1AYACTHuAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1024,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144633895,"flow_src_last_pkt_time":1467353144633895,"flow_dst_last_pkt_time":1467353144633895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":293,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353144633895,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -201,18 +213,22 @@ 01047{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144819974,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":444,"pkt_l4_len":410,"thread_ts_usec":1467353144819974,"pkt":"TF4M6gNlABxCjnAxCABFAAGuBX9AAIAGQAzAqHMIjM3zQMUyAFBCtQhgUXsfllAYQTeurQAAR0VUIC9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MSBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNClJlZmVyZXI6IGh0dHA6Ly9pbWFnZTEud2Vic2NhY2hlLmNvbS92b2RndWlkZS9pbWFnZXMvdGFvYmFvYWQvdGFvYmFvL3Rhb2Jhby5odG1sDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KQ29va2llOiBjbmE9L2NBSER3UTFtMndDQVhhakNGbzBCbmxmOyBjbmF1aT0xOTgzMTU5NDkzDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiBjbWMudGFueC5jb20NCg0K"} 01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1025,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144819974,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144819974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":390,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":390,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":390,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353144819974,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cmc.tanx.com","http": {"url":"cmc.tanx.com\/andc?andc_uid=6693851615885049011&andc_ver=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)","detected_os":"Windows 7"}}} 00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144913514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1467353144913514,"pkt":"ABxCjnAxTF4M6gNlCABFAAENPiNAACwGXAmMzfNAwKhzCABQxTJRex+WQrUJ5lAYFg2SoAAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBjbG9zZQ0KU2VydmVyOiBUZW5naW5lDQpUaW1pbmctQWxsb3ctT3JpZ2luOiAqDQoNCjMxDQpHSUY4OWEBAAEAkQAAAAAA\/\/\/\/\/\/\/\/AAAAIfkEAQAAAgAsAAAAAAEAAQAAAgJUAQA7DQowDQoNCg=="} +01186{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1026,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353144819974,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144913514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":390,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":390,"flow_dst_max_l4_payload_len":229,"flow_src_tot_l4_payload_len":390,"flow_dst_tot_l4_payload_len":229,"midstream":1,"thread_ts_usec":1467353144913514,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cmc.tanx.com","http": {"url":"cmc.tanx.com\/andc?andc_uid=6693851615885049011&andc_ver=1","code":200,"content_type":"image\/gif","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)","detected_os":"Windows 7"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353147705460,"flow_src_last_pkt_time":1467353147705460,"flow_dst_last_pkt_time":1467353147705460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":363,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":363,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":363,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353147705460,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1467353147705460,"flow_dst_last_pkt_time":1467353147705460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1467353147705460,"pkt":"TF4M6gNlABxCjnAxCABFAAGTCAFAAIAG5GvAqHMIymwO28UzAFD2bwdscQOwMVAYAQQLYgAAR0VUIC9jb3JlP3Q9MTUwMzI5MSZ0eXBlPXZzJnV1aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mYXJlYT1PVkVSU0VBfFRXX0hpTmV0JmZyb209QlNfSGlnaCZ0bz1CU19TdGFuZGFyZCZwbGF5ZXJfc3dpdGNoX2JzX3RpbWU9NDE3MTQmYXZlcmFnZV9kb3dubG9hZF9zcGVlZF89MTU4NTE1LjIwMDAwMCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353147705460,"flow_src_last_pkt_time":1467353147705460,"flow_dst_last_pkt_time":1467353147705460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":363,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":363,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":363,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353147705460,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1467353147705460,"flow_dst_last_pkt_time":1467353147794494,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353147794494,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FnZAADMGI9HKbA7bwKhzCABQxTNxA7Ax9m8I11AYADa2JwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01378{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1028,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353147705460,"flow_src_last_pkt_time":1467353147705460,"flow_dst_last_pkt_time":1467353147794494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":363,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":363,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":363,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353147794494,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000","code":200,"content_type":"text\/html","user_agent":"QY-Player-Windows\/2.0.102"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353147927208,"flow_src_last_pkt_time":1467353147927208,"flow_dst_last_pkt_time":1467353147927208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":568,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353147927208,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01287{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1467353147927208,"flow_dst_last_pkt_time":1467353147927208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":622,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":622,"pkt_l4_len":588,"thread_ts_usec":1467353147927208,"pkt":"TF4M6gNlABxCjnAxCABFAAJgCC5AAIAG43HAqHMIymwO28U0AFClUF0ecJA2DlAYAQSk3gAAR0VUIC9jb3JlP3Q9NSZhPTQmaXNmaW5pc2g9MiZ0bT03JnJhPTImdHJhPTEmcGY9MjAxJnA9MTEmcDE9MTE0JnAyPTMwMDAmc2RrdHA9MSZjMT02JnI9NTAwNDk0NjAwJmFpZD01MDI5NTk5MDAmdT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZwdT0mb3M9d2luZG93cyZ2PTUlMkUyJTJFMTUlMkUyMjQwJmtydj0yJTJFMCUyRTEwMiZkdD0maHU9LTEmcm49MTQ2NzM1MzE0NyZpc2xvY2FsPTAmYXM9ZDE5ZjY0MDQ3YjY0MWNkNmZmMDk2YjA0ZmIyYTMwYjUmdmU9M2NjMGM4ZmEzNzI2MjVlNjQxNDMxNDQ4MTZmM2U5NjgmcGU9Yzk1ZDk5MmUyOTg1NmRjODRmMmU5OTA3YTJlNGIyODImdmZybT0mY2hsPSZoY2Rudj0xMC4wLjAuMjkzJnRwY2Q9MCZpc2RybT0xJmh0PTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="} 01558{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353147927208,"flow_src_last_pkt_time":1467353147927208,"flow_dst_last_pkt_time":1467353147927208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":568,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353147927208,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=5&a=4&isfinish=2&tm=7&ra=2&tra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353147&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1467353147927208,"flow_dst_last_pkt_time":1467353148016498,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353148016498,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kRtAADMGqSvKbA7bwKhzCABQxTRwkDYOpVBfVlAYADcrXAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01583{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1030,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353147927208,"flow_src_last_pkt_time":1467353147927208,"flow_dst_last_pkt_time":1467353148016498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":568,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353148016498,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=5&a=4&isfinish=2&tm=7&ra=2&tra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353147&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":200,"content_type":"text\/html","user_agent":"QY-Player-Windows\/2.0.102"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353150114018,"flow_src_last_pkt_time":1467353150114018,"flow_dst_last_pkt_time":1467353150114018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":893,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":893,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":893,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353150114018,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1467353150114018,"flow_dst_last_pkt_time":1467353150114018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"thread_ts_usec":1467353150114018,"pkt":"TF4M6gNlABxCjnAxCABFAAOlCc1AAIAG4HzAqHMIymwO7MU1AFBQgbYWJ\/60ElAYQTeIsAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNDkwNDUmc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="} 01733{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353150114018,"flow_src_last_pkt_time":1467353150114018,"flow_dst_last_pkt_time":1467353150114018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":893,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":893,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":893,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353150114018,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353149045&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1467353150114018,"flow_dst_last_pkt_time":1467353150272483,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353150272483,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5A3BAADMGNsbKbA7swKhzCABQxTUn\/rQSUIG5k1AYACEwggAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01758{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1032,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353150114018,"flow_src_last_pkt_time":1467353150114018,"flow_dst_last_pkt_time":1467353150272483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":893,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":893,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":893,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353150272483,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353149045&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":200,"content_type":"image\/gif","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353151975342,"flow_dst_last_pkt_time":1467353151975342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":177,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353151975342,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1467353151975342,"flow_dst_last_pkt_time":1467353151975342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1467353151975342,"pkt":"TF4M6gNlABxCjnAxCABFAADZC01AAIAGRNfAqHMITeooYMU2AFCms6ewkbp6GVAYAQQ6hQAAUE9TVCAvYmMyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtZW5jDQpVc2VyLUFnZW50OiB7RDY5OTA1NEQtMTY5OS00N0QyLTlCMkItRTk2RjQzOEMxMTYwfQ0KQ29udGVudC1MZW5ndGg6IDU2NzANCkhvc3Q6IGJjdS5mZi5hdmFzdC5jb20NCg0K"} 01368{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353151975342,"flow_dst_last_pkt_time":1467353151975342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":177,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353151975342,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"bcu.ff.avast.com","http": {"url":"bcu.ff.avast.com\/bc2","code":0,"content_type":"","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}","request_content_type":"application\/x-enc"}}} @@ -232,19 +248,23 @@ 00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1467353156641491,"flow_dst_last_pkt_time":1467353156641491,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1467353156641491,"pkt":"TF4M6gNlABxCjnAxCABFAAEpDsFAAIAGbi7AqHMI3xpqFMU4AFDYI3WbArNbVVAYAQSIDAAAR0VUIC8yMDE2MDYyNS9hNS9iZi80MTNmOTFhZDEwMWU3ODBhNmI2M2Y4MjZlMjhiOTkyMC54bWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1ldGEudmlkZW8ucWl5aS5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOjUwMDQ5NDYwMF8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353156641491,"flow_src_last_pkt_time":1467353156641491,"flow_dst_last_pkt_time":1467353156641491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353156641491,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"meta.video.qiyi.com","http": {"url":"meta.video.qiyi.com\/20160625\/a5\/bf\/413f91ad101e780a6b63f826e28b9920.xml","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} 02231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1467353156641491,"flow_dst_last_pkt_time":1467353156699175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353156699175,"pkt":"ABxCjnAxTF4M6gNlCABFAAUU\/f1AADgGwwbfGmoUwKhzCABQxTgCs1tV2CN2nFAQAB+1jgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNTo1NiBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC94bWwNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDI1IEp1biAyMDE2IDA2OjA4OjM2IEdNVA0KRXhwaXJlczogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjo1MCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MzAwDQpYLUNhY2hlOiBmcm9tIDEwLjEyMS4zNC4xNDANCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogRVhQSVJFRCBmcm9tIDIyMy4yNi4xMDYuMjANCg0KNWZlDQofiwgAAAAAAAADhZnrbhs5DIX\/9ykCP8BEFC+SAHf6KIuxM26NzaWtnezl6fewDtIUXdIpUNvjY4n6SJHizPbT3w\/3Ny\/r99Px6fHjhqayufk0f9gejvfraT3PH262h\/uXm8flYf24KTtalr7wbmfrfuyoDO1dZLfXhdbdbj9BusFPbrZf1uPnL+eZrWxvX9\/75b+Od+cvswmuXt76xfPxYT2dl4ev+6fH8\/Hx+en5NNP29v8uu\/yHZcd\/17kXbaXK9vbtin999\/x9OWMtM2mf2Nr29u2Kf\/1yvFuf\/jgvn+cyCv64+v8\/\/6i9vSfYWehwOKyE1ztrl8\/LXq1KWUo9HIYZXv1fv\/yMS7m8oyGt76nv1QfBl2p97WM51P1FWfhue\/vTGrdteb47vtp2GeSHha9yvCwHDMUDQ626qFw0uE5g8PO3PtKf6z+H73DZaf32vD7u15M75d3lHx9fyV\/eg8xy\/7zeHO\/g5s1cJowL+\/za7wK6JqibmaZR4xF4M3MqkM2sqUA3c0sFtpnHBEbhKhqMpAmeCxUdCk4VAwpNFQSa1HIJeNLIJSBac2MJTGtuLYFqvWIuuFabWuI7AtnacwnYcsklgMs1l4AuSyqpoMu5uRV0OTe3gq7k5lbQldzcCroikyUBVUFXLJeAriCyPXMG26+CroxJEx9V0NUyWRL+FXS1pqMw6KrkEtBVyyWgi1ycmcugayWXgK5RuiIGXeOpeHkJ0DHomkxI+rEEdM1yCehazyWga2OSxBYB3Ua5BHRbTeNFQLdJumgB3aaTJiEloNtaLvGMi6jLRgHdTrkEdDvnEtDtV8wF3Q5zkx2goNvhgGQ3KugOOCCTgO7gXAK6Q3MJ6I6WS0B3XDEXdKlcsRd4qdSpZ2sCXyoy4egTbgIFYCqWhpWBMJWea4CYCKeJZB8YGBPVXAPIRHmYGygTXbEZmImu2Oyc6xWbnXO9YrNzrldsds6otxmf5pxRcFONc0bFTTXOGSU31Thn1NxU45xRdFONc0bVzU6RzTnzSFN6c84ozek5zjmjNqca54zinGm6c0Z1bkmG685ZcJrINM4ZxTfVOGeldJ9256yca5yzaq5xztp+07y2WK+9gDdRX59OR++dLu2Cd0vve4JaK7qpoLCCS2Wy8Htn0uHJGipAhNHRUTwH"} +01143{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353156641491,"flow_src_last_pkt_time":1467353156641491,"flow_dst_last_pkt_time":1467353156699175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":1260,"midstream":1,"thread_ts_usec":1467353156699175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"meta.video.qiyi.com","http": {"url":"meta.video.qiyi.com\/20160625\/a5\/bf\/413f91ad101e780a6b63f826e28b9920.xml","code":200,"content_type":"text\/xml","user_agent":"QY-Player-Windows\/2.0.102"}}} 01429{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1467353156641491,"flow_dst_last_pkt_time":1467353156700500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_usec":1467353156700500,"pkt":"ABxCjnAxTF4M6gNlCABFAALD\/f5AADgGxVbfGmoUwKhzCABQxTgCs2BB2CN2nFAYAB9NTQAAeAj6KkVzGFgBGjLKoHgWsNDOg9EyBWMg4qw3sngWxFvTJslqEW1dOtsIZ\/G2YAiauUTisVZE0efGwzjXWg05LdZ4rAky0eBYc4m1ISOZy2PN0IHWZC6PtYYzQuJG8j0ND\/TECQTGtXRrmc2gXLGqInHIeH+AZh3hH4eENwhVsfKSjAPO1cTSYzk4VwRGT0LHe4TarWqyLm8S6mgVURj6q4IzFzPKNODMJE042ZbgzNQZongucObqtx3iTeOdAgtOFElsMDiz4j7IiGOewZkNmDWZyzNFp1ZHvEUZnLk3hGq8dm8XeCg2YczZ+wUeo3ON9wWDs+AA03qiAWdBguyZBpyFEaoU8\/GeQWCxJqlYwFm0ElwW+tS7BtGB8In5eNsgxoYYisfxnNwQiUliF8\/KHRWxxZwFnLGTCyWxIc55GI5LybrAWQsivsW+EHBWpMMucU7w7kGRWyyJeW8flHELMtOAswKQchyrCs6qvbWEs4Kz2mjW4n2q4IzsMyyJDQVn3LPtqKOhTxWcdXQc7RMNOFtBRUl84T0EvFVRbcO5vIcwFIPOsU8NnJExccMztsd7CARqqdlc4IxwNkRibA84m1Rl7rEGnA1No1kcPwbOptwRi\/E44GyK5JL0auaczVRLvE\/NOTdmsdhm7yG8mHJSC5pz7grS8T5tznl40Y3X3pwzVoX9E669gXMrSszJXODcCF1fS8YBZ9yrRE6I97v3EKimuN8fx2ED54ZUh6iPbQbnJlpQLEON9xDNzxJJTvAeopn2mnDu4Nya74w45js4t45NmNQ47yFa70xJ7u3OefiZN1kXOHesvIxf4\/Dy8OXXvmF7+\/b4wXuLdx\/fPY3AD+9f8Jzp8vDGHzT9Byu2GoeKGgAADQowDQoNCg=="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353156959663,"flow_src_last_pkt_time":1467353156959663,"flow_dst_last_pkt_time":1467353156959663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353156959663,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00795{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1467353156959663,"flow_dst_last_pkt_time":1467353156959663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_usec":1467353156959663,"pkt":"TF4M6gNlABxCjnAxCABFAADvDvNAAIAGMe3AqHMId7wNvMU5AFAa+1ILYx41VVAYAQTDtAAAR0VUIC9rIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBwZGF0YS52aWRlby5xaXlpLmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="} 01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353156959663,"flow_src_last_pkt_time":1467353156959663,"flow_dst_last_pkt_time":1467353156959663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353156959663,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pdata.video.qiyi.com","http": {"url":"pdata.video.qiyi.com\/k","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} 01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1467353156959663,"flow_dst_last_pkt_time":1467353156998876,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"thread_ts_usec":1467353156998876,"pkt":"ABxCjnAxTF4M6gNlCABFAAGgqmFAADQG4c13vA28wKhzCABQxTljHjVVGvtS0lAYAB+FPAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtTGVuZ3RoOiAyMDQNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidCI6IjE0NjczNTMxNTYiLCJtIjoiZWMyZmQ2Njc4YTM1N2MyMDhkNTE4NmIzYzM0MjI0NmJlZTQ0YzUwY2U3MDgzOTNlIiwidSI6ImVjMmZkNjY3OGEzNTdjMjBmNTVhODJlZDYwZjYzZjk2Y2QyMDlhMWQ4OGI3ODQyNSIsImkiOiIyMjAuMTgxLjEwOS4zMyIsImsiOiJlYzJmZDY2NzhhMzU3YzIwNjI1MTY2M2U4NGQ3MDFkOTlkYjQyZTUxY2I5MWM1MzkifQ=="} +01218{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1050,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353156959663,"flow_src_last_pkt_time":1467353156959663,"flow_dst_last_pkt_time":1467353156998876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":376,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":376,"midstream":1,"thread_ts_usec":1467353156998876,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pdata.video.qiyi.com","http": {"url":"pdata.video.qiyi.com\/k","code":200,"content_type":"text\/html","user_agent":"QY-Player-Windows\/2.0.102"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353157063732,"flow_src_last_pkt_time":1467353157063732,"flow_dst_last_pkt_time":1467353157063732,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":303,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":303,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353157063732,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00931{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1467353157063732,"flow_dst_last_pkt_time":1467353157063732,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"thread_ts_usec":1467353157063732,"pkt":"TF4M6gNlABxCjnAxCABFAAFXDwhAAIAGMXDAqHMId7wNvMU6AFAWZyP1RIzmWFAYAQR4owAAR0VUIC8yZWZjOGNkNWZiZTBmNGVlNDk4ZmIxYzJmYzFkZThiNi92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2PyZ0bj0xMzc3MTkgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IHBkYXRhLnZpZGVvLnFpeWkuY29tDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353157063732,"flow_src_last_pkt_time":1467353157063732,"flow_dst_last_pkt_time":1467353157063732,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":303,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":303,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353157063732,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pdata.video.qiyi.com","http": {"url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?&tn=137719","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} 01097{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1467353157063732,"flow_dst_last_pkt_time":1467353157103507,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":479,"pkt_l4_len":445,"thread_ts_usec":1467353157103507,"pkt":"ABxCjnAxTF4M6gNlCABFAAHRefhAADQGEgZ3vA28wKhzCABQxTpEjOZYFmclJFAYAB\/Y6wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjUyDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJiZ0bj0xMzc3MTkmdXVpZD03NmEzMDg1YS01Nzc2MDg0NC1kZSIsImUiOiIwIn0="} +01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1052,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353157063732,"flow_src_last_pkt_time":1467353157063732,"flow_dst_last_pkt_time":1467353157103507,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":303,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":425,"flow_src_tot_l4_payload_len":303,"flow_dst_tot_l4_payload_len":425,"midstream":1,"thread_ts_usec":1467353157103507,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pdata.video.qiyi.com","http": {"url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?&tn=137719","code":200,"content_type":"text\/plain","user_agent":"QY-Player-Windows\/2.0.102"}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353157138270,"flow_src_last_pkt_time":1467353157138270,"flow_dst_last_pkt_time":1467353157138270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":372,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":372,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353157138270,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01023{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1467353157138270,"flow_dst_last_pkt_time":1467353157138270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"thread_ts_usec":1467353157138270,"pkt":"TF4M6gNlABxCjnAxCABFAAGcDxlAAIAGbTXAqHMI3xpqQsU7AFAuAjEcSma44VAYAQTWMgAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSYmdG49MTM3NzE5JnV1aWQ9NzZhMzA4NWEtNTc3NjA4NDQtZGUgSFRUUC8xLjENClJhbmdlOiBieXRlcz0wLTQwOTU5DQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiAyMjMuMjYuMTA2LjY2DQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDo1MDA0OTQ2MDBfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 01457{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353157138270,"flow_src_last_pkt_time":1467353157138270,"flow_dst_last_pkt_time":1467353157138270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":372,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":372,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353157138270,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"223.26.106.66","http": {"url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} 02253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1467353157138270,"flow_dst_last_pkt_time":1467353157142996,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353157142996,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUui5AADgGBqjfGmpCwKhzCABQxTtKZsK5LgIykFAQAB\/uTwAAXABAYzwo9cKPXABAY3wo9cKPXABAY7wo9cKPXAAACQAACKIJAAAyAAAAAAAAABcAAAAAAWQAH\/\/hAB1nZAAfrFYkCgL\/lmoCAgKAAAADAIAAABlHjBjFQAEABWjomvLAAAAAPQgAAAkAAAAAAAAArwATkFblpUgAAAAAFAkAbwgAAAAAAAAAFwEAAFAAAG7\/ZYiCABX\/95xkfm3FH8zfxiVyZItj2+QvcPG\/css\/ZW+K7oKmOXqvyof6+MpsbuBrR3NlYBBVWVRq3WcvPz43KJn6OOq7wUatnW33K69XETXFsUoSgXdN7o0kq4w+hJrrFVm3jhsmgXWVk6qs6hebWuZRXfCylsvlyYQvoo8ujkxwf\/jOPhyl6i\/pTDKbDQZOrGmk9iGos+6hcPjtrVmq5rC28bSpDQb\/l3J+48zXTAIJQ0eBYWXFdgZPT7ei\/1f\/9\/tmNrD8GxGJp2OeeHzKlWg0+2iCixox6opp5+CbF3ew+UCOGdg3U\/5oVyFXyPX7+O0Is6zwfWwGCWJoC6\/zQa49qCQPS9W27Dn4e7vsWHcsLdg3UHzR4Z1JuDFBW7ue0EA3sC0gP\/mqqJuTdXptxBOJRjQ63vSnOV7PtDcJs4A7oWz2JzmEh+VbAw2U5760xCgZf0h+IR4GdMhaD57XDY8NdoZSDUzKAjvVKzHkc\/gdXpR0l6TIGuQcP2n5BFznR2iYeCE\/miwzmIeVW7avmSkaYobdmdMxT40yLpSDo7E8P+71xqJEqUUh6vFl9rz126Cgazh0LClcgaFaNKcZScAJKPrVP1o7kkOIcKwxW2CdOD77SH4zyVYWD9ULtNPIZ77Kl\/LYJQ8L2R419x+V6vNClYH7FDNYQst\/D12fjQ\/m+4yqq8ANYgNFZAXKlC8uKiIfcH\/TAErY7s8c2cJx1lhY3xTKhpLrPcsLU9UsA+Oip34KoUwvW3F5sUP0n2c\/KNlUH5ayGqegy5bryGeYm\/zuaor3RjqVC+afHCqaNQNUM+bdihsi6\/dYDdiuHkznFARXAj+HmRzPclqFdQs0umlOh+4nrXrTgUTsq6Mijt5YgP1vOKM5AtjEldVCDmGr1tU5uzTP\/wOgMtD4fsuENAnY849iMY16mjQC8PBzOazume30AYsAvNe5umLe2Jg9g1q77PVd7s5Hu\/6sIJWIf7my9bXHqgu1vXqQE6ohulSfKXSbeWRxV1zDne\/VQKrMqsiN5thBJ6eGrmP690VCEON3vIc3K8eMxOBEG1sH2gt0\/QY+qtme7NqWlgnah6YGN282gbUWFJTA8lul4VGFodu6rBHcO4b\/OZ2Vgodz1eVa7Rvhlz0zeO\/YLtQjl7fwTfVY1piKLJlsXBuH5KXSLNolBVVHCVrAQmkekZvhiLsm\/G4SGTer+1uPrS5m3ZHSe234ovyt+yHtfZCEP\/\/gOVJ5LO7C7uAyroC7rFx6lIcBOyO9mnt4Fi0rv6nmI9Iuf1\/XjKYeJJ3hPNphBZXvUwpvdJUyrMP\/WSQf4xrhUZbkn+wcvgAg5Hq\/N\/ilxIaAfekOtHVgU5VwnYm0lrbpwZtnYoLYol2itsi\/Tiny8B2OHcGdfUzCAOCON\/0+\/ipakxXBeRa7CLgs5mjI+rNnEby8whMLuruKRetpD4LDPViHWG\/OwHoZ14S6hpwBDqQ07xh3U7DjW9xs4GqS"} +01361{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1054,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353157138270,"flow_src_last_pkt_time":1467353157138270,"flow_dst_last_pkt_time":1467353157142996,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":372,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":372,"flow_dst_tot_l4_payload_len":1260,"midstream":1,"thread_ts_usec":1467353157142996,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"223.26.106.66","http": {"url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} 02238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1467353157138270,"flow_dst_last_pkt_time":1467353157142999,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353157142999,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUui9AADgGBqffGmpCwKhzCABQxTtKZselLgIykFAQAB\/aLgAAopnkFb6w\/Gf9wcd\/TnuexQBjLwWa0uCe9TPr4qE3jsphraOf\/lM4Hhi9NJILTNUPpkUh0lJVsTBg0+IryxSW3IwYySV6wkzB0\/tYDwbO6SOx\/W5mmrffIH5hc9hR+iJYkdxSMJyhs5tL+JX3Z4urkWLC21HQmnbWWhKwwr3IOESy8lC4QLT5bzgZZwV6aylc3BKRGmkWqvo3gveBLOrAMA4JoqHhbMBYA7GEB3n5XVRePARG35OUMCE\/8TDQo0+dLC24GKANopCzYZkvfPVaY0dRDrv50emXg1Cs9WSfVu50aDF7YYVdx5mx545GrUAMEsqIjDQ\/4DCox7xS+Ws\/dwFhUTJ0P8Dx\/xK2lp12JPYf\/zG6tdTYMt3AacBTBvLHFFde\/reBoQaTbZB\/vJdywKaKtIzwqCOs4Q9YPbL8+Pq1VE1FdEBeuONtnWPx9wNuAvH6U\/JENWXsD\/bsjom76483YU\/XZIQUgj30cOEgQwuDamiBln+90aAngeN2nOL6ntmgjdG66Xp5PKfwQlwuGdvacgApEFyIvnfxUhm77eXRcDexRzOKtayXJEIXZt52rm2WbDXx+l2L+n6mDI5HPlSGKuvP84rwmMwhT7yEvzQKbivh5sn9I8EjZx6KaukURUZTKe54jHmLC3Jmf2BKkUKfD+otim\/knbUQxDjsPRmRG1Nf5oF86K6KEl\/nFEI9A5kcjFcko+VuDqw9SWzSXgKad5EYc4r+hlUwt3uzj59viQUjCCWYguaIGZ8C5ZjdSExE6IsY1BXoMFqHoRzfJaDg6uSsFAjJS92cQgN0nWwTaQFWx1m2slB35iQ1wft22PbPDl49icFcTFpAz2oY5Pp3lfvj5IUJyUTHt3u8v74exA53o9ooOtbqs2j42om\/zaB3iyhBCsOikAKzbr0K6CxGSwBAWdloUe96BLdalzPNcqhIK0c0YJvH4tBdmDh+5ufseEBw7BGI2ipV6yVNpFO0kDqCajN7YsN05JDg13dAXzY2SAQ5QfKni3cz7N9WhYMt7COKUvI+C0iwIaEB32bniucRrN4HsPO11eCbWDnltN\/+kP2qhoa5r1DcSUAZq6JPm51\/USDg6qO4x\/Vapf6ZVCWehE+KdgGpX4qBTKeA+bV7qois7qvnsCmBXUWPo21DtRYTVMizQCWWQqH0CGGSEtoZ24ZE8Em+sX59yNgKKKnBzY4rxhy1pF8qyBkoHpDm9lBx3JEleYOnrbk5vilJTiHsG0C7im31hM5hXvKl2rEhKIpc+QgsAwc8xEkz7398lWjZRYNmVmvhEG3GTaIjL7zuDYVBFnz\/Ep+CquTSroYI\/KVwc+2ze3Q+yBDcODi+bFdRr\/qJ\/RfL4FgeDb9sduAkPb3xQiixfjLzyzTazf6dzG3+S06aSi8zpu2nZ2pA6Ukh\/FodlR311cw8YfsxYuiSFyYqZDzpce1Qm0XZXnys8qlDnUmjILug1tlJBa1UzH74juRDwgD0Fnwh1MLjNAsmUIrgA0GSsiEjUBU047yfXV\/qzyvQus+1BXKIiklyV0Xin7L0ua0Yj38t6gGn+ytwXAmSh71WYg7o3suhEh2DpzfHKZ9IBKf8gIvOvhTvSepAfXGEaca4phlMY6YIuwsde9HzRk9q6m3wLv6MKf1l9nyMKAHgaDMdK68E7LAU50IjtX2yCF8K"} 02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1467353157138270,"flow_dst_last_pkt_time":1467353157143000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353157143000,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUujBAADgGBqbfGmpCwKhzCABQxTtKZsyRLgIykFAQAB8dwwAA\/2jHnnAjB8q5GMjAl4zO7LmXSDUbnUXu\/QeEOdeU7w8IKLe6izdpw3j2Z95byEoxuUmCU0tLcTJb40tSZEepvDg+V3baz1GA\/qTEB8Y+vI6PYjCGhmkGu76k3VSeTvrwOLGQdqIwOHc\/D6Z3L0KX975LbwqygQMFNaOJPuDns+HxqpIHN3yv7xW3JFD6iZuOSyeE1HuKufQv6Do42XCNBrQs2xmwqo7Gr+2+y1wDDosSssblbmp4+GmdUL5C2CHhwiizQjAS1CeOFLYIfHK2ih\/mNG58BzPCQV0\/x01qNfHcmYvymf1oZp+\/4qbYCRe9PVn\/1pHt8wSQpKANb3ScynaRa0MmMtG4ZEr6Vjidorc2Jr6St\/ouYncqc20iW9BTq1gyL2K\/xWgRwUFJU0RAWNJk+NWNcrlNPGYVkJRlJFFxLM7Q4CesgbiDw0QUWzsg1WBJavOSLGlthM7yCYh+d8ZgBLJdUlQ7KXlbHMjUxZcuz86ekXzACdfxN5DYZpY6CIi8\/OzJXF5AgTQoOd5puraHpr18IaZgXmA2RqTKfj64kDI6T7W7bjHfT9+hkLO48g7mbNvhXDWfuvRgY9m98Q1x0yazez6cTT3fFKqDNBtWUD1JyjqZR67ZGiVu8syyAqypnHnpFiLhMMUyO3WhIwia6hpbbEWvZH\/sFNkwGDG3OmslBRugeSXPjj3UzwqoQRsQdIGz3Qng5gn6b4B54YaBcds6Fg4WsGo\/3EnbiNaTDRN13Y+IojlPcVK0ElIepyIWwC7ZP67hmgSIqGpBF7tfpkr2Ci2QMf63jbxD\/qay+z84U5Phsx\/yp6bsRjKHaCepenNhajntBUN28HMhNRzxc2E1thxrf7rC8AjlRaSOqNLP79VJzt+zhV0hnQXgvzGhmaqEHgsoQJvTtJVQi\/jEjTWBV\/uUmBLTGI8ITpb1nBrEzSAEJW5H6a458VxtnyGH884Y1xyojGEVOAF3cHAPWhpDLTOImiyvUVg2PsiKMsofjYG7fsxoiSLV8Gxir0hZ\/LVXeNfrB44JjRg6secf0QQjXDseoT2bXHOcbCi88gv48SotwgOtT2c\/QWQidxHev0YXqq7Kpua4HhnUbFXmHQah9ZoXBZNvHL7pHrRwLJVZz4cHZD4\/Ttzcnovids9AXICddXhSUChqf5Ij\/8QHDpOSUoCBpe5b6b\/ON6WRqx7JRFj5SqiPx4PEBArHAQfBXeyWxj0sIy0G30Su2TQygwugx+A55sUfpOrfDx0ySMmOmUfjIHE5X53rLmT1OfqY9QVCiwzY2SgSbrI6w9eFbie32jMw3wlRUJ0vnLeq8daPhXPy27CQycBLkhZDx4jyq4WxsHprtdOC4L\/oQpTNkg71SAEwv\/vRjvhAAESZEsSwLeJrUZjGPCCmdrpikCyp1GqWXPr6g2LLjYh55g58h3idnnmlKZlcnMzKJOMRxfVIpebHgluXMdZVngpDLB6xwtZecNZWPGg1Qqz98Nt+tJXGy102YvFu148fL\/wAZl7XUYASJyTj1KUGp5270h0+k+ceGHg3fDHLv4Mjzu5okoWLo3YnDYJLp0RwelQ68nkSmBYfzSeMJZIo5NQ9V2VzkO+yUwpI0peX26TQheZJQ07lPJotNG\/mlKCwkqHBv6D2CppXEFxm2NXWCoRW99M4SIRfWIT2f\/5Z"} 02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1467353157138270,"flow_dst_last_pkt_time":1467353157143001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353157143001,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUujFAADgGBqXfGmpCwKhzCABQxTtKZtF9LgIykFAQAB80AgAA0cPuZwU215aYjOEY5CkoiM34f97s+2EXBe4psWVjfM6tiSFGDZN5St9DlkSeJvgz9Qp1thej+q4pPgoYhRCdZeZi+sBMsy2NdifeaBsIxAMAACq8gRkEX3JEga5xqwm4LUx3LpNK24jWUESZrTgCmD2tFMerKxjLDYNLIZF93WHrpvik5jCqGCg40O1vOJLLPeEe\/bG61+85MflNlLXltJqkO57pzaiYsI1M6CVmSTYqNgMZ48q0BZKlwST711f0sKdkXuHk3Skq2Z\/fH4roYtWkfmF3S3Swlxva1rroHwBpNNZyl1q89JmxwLlPAfjzwx0iNju77j7CsLjzCk8u9yFg2OJpzLCZKz+qHHEl2IgrZHMYIPKfA7vZBZylMaW9tdW3ahq0wbekIMrTdKW6WpIxW4MqFgdZQrnYAPgkSjomHsHiW4Fec+YnBzhprpRu4UllL06vAKRmhzTAj6+UKWdys17eu1nd57pcrPFlmmDWs+BnwM3vU+UTG6Nj0at+ZhOYm5uk9B8aMCIJvR03y7duVXCOnJjRdmcDB1e1V8MmyJvndljPznL\/L\/KaPcdu1HH3uYGGYQufgh9vVCBIAeQXHWWdUSEbHsEcoW6mYjSvRQQwnVlF0dEugjFqITabMW41oNCx99KzJoJCFMgQulEyhvt3u6kW2+qQy3K+lDBIXBa+PT1dcyFqMQht5QXw2WkPeFcKcC75iK+4wDyKS4GEAhq95ZCgoBCJcApd5r\/pjY0wjDvqRBDN\/Qucrn9seVyo91JExyAtvClAjllSgQ05yMd3JJqwhPWEwzjwnOopazkWUJYJjbwrpI5+kyHFn2lmXFUBh51fdv4Y8BP6tIlSB8DYC0A0MhLPPKOHHB2QgMLMKRml7+2++2eXn9GE84AxDK2jorTdOAx\/j82jwoYeyYf\/q12t4OBlaayfpjJYuotCd0E+C7xccPhfgGd\/DgiyHQ8tQKztO20ZRQFSI27ORRL4ibVaJm7GKfZqTIJD5SudtdJHYnVwviHXkgYCOuTdmoFqXbOhz62lqG\/iSFkqEbqKvrLZQnckgMg+MXgsDQ2jgUaboA85ScdtfhU04KsLSZZlJ0jQCzOwB15tS4plI4TIUBuEsuHFewGg7g81Iw+mHcZhE8LDwVlFeXqQ5tvidAwHCBFvTDnex23o5u8ZR5ExLJ6HQ3OwGIVdQ6rS8dy3xjkDQeqwCSGwGVSzYcfvcVOy8VM\/2BmXP3kOP8nk0p0K6HUHXbiIGEks6zr03x9k\/jfBsS0rLKvef9+XaUavedzW\/ZOdPvQ5fKXOjLX++MiID55yYP6kkXDYhiB3ZRmpbd63J8X0WrW5TVpUuRIztuGuZHelAIzhwoiosNT4Bv57xkR0CdnY9NO4tf2ukgCkDo75bIa47QS4QYcOERXE9j9Bxx2\/muud9tHVLnIDG719fZp1xQTSsoRSTHvHsbF6XwM1SmKRT058UEeldh7SRx+\/t8+ZPDJENSKnBP4x123r2vdFkxXH\/ayb1y1Uzt+mdqW+XwLFcQe17zbKBbsnBusEbpgAeg1TI32YHefr68em7ktNROYGrfFWqYVrMxb4yhalRITqBWLTmn0M8AaBae\/LtVX8klmoV8E14vupxxYB2c+mtCkQLK77kx85fHsUWi0nN8omVsrcvYwtLQA9XbsHc1ilGb3W"} @@ -255,16 +275,19 @@ 01719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1467353157468345,"flow_dst_last_pkt_time":1467353157468345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_usec":1467353157468345,"pkt":"TF4M6gNlABxCjnAxCABFAAOkD3JAAIAG2tjAqHMIymwO7MU9AFA84A6MMfAazlAYQTez3QAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNTcwNDYmc2g9JnNxPSZzdz0mdD0zcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 01732{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353157468345,"flow_src_last_pkt_time":1467353157468345,"flow_dst_last_pkt_time":1467353157468345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353157468345,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353157046&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1467353157433680,"flow_dst_last_pkt_time":1467353157475501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"thread_ts_usec":1467353157475501,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDRAADMGDUtvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="} +01414{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353157433680,"flow_src_last_pkt_time":1467353157433680,"flow_dst_last_pkt_time":1467353157475501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":335,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":335,"flow_dst_max_l4_payload_len":463,"flow_src_tot_l4_payload_len":335,"flow_dst_tot_l4_payload_len":463,"midstream":1,"thread_ts_usec":1467353157475501,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pdata.video.qiyi.com","http": {"url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012","code":200,"content_type":"text\/plain","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353157509654,"flow_dst_last_pkt_time":1467353157509654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":403,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":403,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353157509654,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01068{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1467353157509654,"flow_dst_last_pkt_time":1467353157509654,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":457,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":457,"pkt_l4_len":423,"thread_ts_usec":1467353157509654,"pkt":"TF4M6gNlABxCjnAxCABFAAG7D3xAAIAGbLPAqHMI3xpqQsU+AFB482xgj\/e7VVAYAQRcuQAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSZxeWlkPWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnF5cGlkPTIwMTImdXVpZD03NmEzMDg1YS01Nzc2MDg0NC04YiBIVFRQLzEuMQ0KSG9zdDogMjIzLjI2LjEwNi42Ng0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtY24NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEhDRE5DbGllbnRfV0lOUEM7bGliY3VybC83LjI2LjAgT3BlblNTTC8xLjAuMWcgemxpYi8xLjIuNTtRSy8xMC4wLjAuMjkzDQpSYW5nZTogYnl0ZXM9MzQyNDI1Ni04MDU3MDIzDQoNCg=="} 01544{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1083,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353157509654,"flow_dst_last_pkt_time":1467353157509654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":403,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":403,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353157509654,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"223.26.106.66","http": {"url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1467353157468345,"flow_dst_last_pkt_time":1467353157533198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353157533198,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5zsFAADMGa3TKbA7swKhzCABQxT0x8BrOPOASCFAYACB8+QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01757{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1084,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353157468345,"flow_src_last_pkt_time":1467353157468345,"flow_dst_last_pkt_time":1467353157533198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353157533198,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353157046&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":200,"content_type":"image\/gif","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1467353157433680,"flow_dst_last_pkt_time":1467353157718565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"thread_ts_usec":1467353157718565,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDVAADMGDUpvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1467353158696520,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353158696520,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLHIAAAER1v7AqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353159222383,"flow_src_last_pkt_time":1467353159222383,"flow_dst_last_pkt_time":1467353159222383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353159222383,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1467353159222383,"flow_dst_last_pkt_time":1467353159222383,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_usec":1467353159222383,"pkt":"TF4M6gNlKDc3Alz6CABFAAE1+vRAAEAGNqjAqAUPROn9hf5nAFAhJnFt6cGPtIAYEBWfeAAAAQEICiYbloUrIzeaR0VUIC9jb21NYWdpY2FuQXBpL2luZGV4LnBocC9Ub29sQm94L3ZlcnNpb24gSFRUUC8xLjENCkhvc3Q6IGFwaS5tYWdpY2Fuc29mdC5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLXR3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1hZ2ljYW4gKHVua25vd24gdmVyc2lvbikgQ0ZOZXR3b3JrLzcyMC41LjcgRGFyd2luLzE0LjUuMCAoeDg2XzY0KQ0KDQo="} 01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1087,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353159222383,"flow_src_last_pkt_time":1467353159222383,"flow_dst_last_pkt_time":1467353159222383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353159222383,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/index.php\/ToolBox\/version","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 00977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1467353159222383,"flow_dst_last_pkt_time":1467353159428529,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"thread_ts_usec":1467353159428529,"pkt":"KDc3Alz6TF4M6gNlCABFAAF4t91AADUGhHxE6f2FwKgFDwBQ\/mfpwY+0ISZyboAYABs\/NQAAAQEICisjOHomG5aFSFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDU6NDY6MjUgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"} +01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1088,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353159222383,"flow_src_last_pkt_time":1467353159222383,"flow_dst_last_pkt_time":1467353159428529,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":324,"midstream":1,"thread_ts_usec":1467353159428529,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/index.php\/ToolBox\/version","code":502,"content_type":"text\/html","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353157509654,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"thread_ts_usec":1467353159731502,"pkt":"TF4M6gNlABxCjnAxCABFAAGgFhZAAIAGZjTAqHMI3xpqQsU+AFB4823zkD5tZ1AYAQS6ZwAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2Y3JjP2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSZxeWlkPWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnF5cGlkPTIwMTImdXVpZD03NmEzMDg1YS01Nzc2MDg0NC04YiBIVFRQLzEuMQ0KSG9zdDogMjIzLjI2LjEwNi42Ng0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtY24NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEhDRE5DbGllbnRfV0lOUEM7bGliY3VybC83LjI2LjAgT3BlblNTTC8xLjAuMWcgemxpYi8xLjIuNTtRSy8xMC4wLjAuMjkzDQoNCg=="} 01047{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353159746513,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":443,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":443,"pkt_l4_len":409,"thread_ts_usec":1467353159746513,"pkt":"ABxCjnAxTF4M6gNlCABFAAGtzXdAADgG9sXfGmpCwKhzCABQxT6QPm1nePNva1AYACEkXQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU5IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA3Mg0KTGFzdC1Nb2RpZmllZDogU2F0LCAyNSBKdW4gMjAxNiAyMDo0Nzo0OCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI1NzZlZWRmNC00OCINCkV4cGlyZXM6IFNhdCwgMDEgSnVsIDIwMTcgMDY6MDU6NTkgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQoBAAAAjem7lGlyqIWJ0WZ4YikhMAAAAADA8HoAAAAAAJ0fBgCdHwYAAAAgAABAAACfagIAEAAAABkBmvdUqrt6QK4cKbQBDrk="} 01590{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1090,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353159746513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":389,"midstream":1,"thread_ts_usec":1467353159746513,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"223.26.106.66","http": {"url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":200,"content_type":"application\/octet-stream","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}} @@ -278,15 +301,18 @@ 01720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1467353165300743,"flow_dst_last_pkt_time":1467353165300743,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_usec":1467353165300743,"pkt":"TF4M6gNlABxCjnAxCABFAAOkGfJAAIAG0FjAqHMIymwO7MU\/AFBSz4AccUHHfVAYQTf+XQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNjUwNDcmc2g9JnNxPSZzdz0mdD1zcCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 01732{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1108,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353165300743,"flow_src_last_pkt_time":1467353165300743,"flow_dst_last_pkt_time":1467353165300743,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353165300743,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353165047&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1467353165300743,"flow_dst_last_pkt_time":1467353165410193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353165410193,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5NehAADMGBE7KbA7swKhzCABQxT9xQcd9Us+DmFAYACAMewAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01757{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1109,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353165300743,"flow_src_last_pkt_time":1467353165300743,"flow_dst_last_pkt_time":1467353165410193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353165410193,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353165047&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":200,"content_type":"image\/gif","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353165456243,"flow_src_last_pkt_time":1467353165456243,"flow_dst_last_pkt_time":1467353165456243,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353165456243,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1467353165456243,"flow_dst_last_pkt_time":1467353165456243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353165456243,"pkt":"TF4M6gNlABxCjnAxCABFAAUUGh1AAIAGeifAqHMIZePIC8VAAFBgEsEemWlGj1AQ\/\/DZSAAAR0VUIC90cmFjazI\/YT0wJmFzPTE7MiwzOzQsNSZiPTE0NjczNTMxNjUmYz05NjY1NDJjODJhNTY5NGQwZTk0M2Q1MGQ1ZmNmNWE1NSZjdj01LjIuMTUuMjI0MCZkPTUwMDAwMDA4NTQ5MzQmZHI9MjE3NSZmPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jmc9MF9hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZoPSZpPXFjXzEwMDAwMV8xMDAxNDAmaXY9MCZqPTMxJms9MTgwOTMyMzAxJmtwPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jm49NDc5NTMxMDAwJm89MSZwPTEwMDAwMDAwMDAzODEmcT01MDAwMDAwOTIzNDQ3JnI9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImcnQ9MTQ2NzM1MzExMyZzPThlZGI2OTRjOGM4Y2NhOTIzZDNlYWU2NjIyZjlhZWU2JnN2PTQuMTAuMDA0JnU9MSZ1cD0mdj01MDAwMDAwODU0ODU4JnZlPTEmdz00LDUgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25K"} 01834{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353165456243,"flow_src_last_pkt_time":1467353165456243,"flow_dst_last_pkt_time":1467353165456243,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353165456243,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"api.cupid.iqiyi.com","http": {"url":"api.cupid.iqiyi.com\/track2?a=0&as=1;2,3;4,5&b=1467353165&c=966542c82a5694d0e943d50d5fcf5a55&cv=5.2.15.2240&d=5000000854934&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000923447&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=8edb694c8c8cca923d3eae6622f9aee6&sv=4.10.004&u=1&up=&v=5000000854858&ve=1&w=4,5","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1467353165456392,"flow_dst_last_pkt_time":1467353165456243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1467353165456392,"pkt":"TF4M6gNlABxCjnAxCABFAADjGh5AAIAGflfAqHMIZePIC8VAAFBgEsYKmWlGj1AY\/\/BFbwAAc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="} 00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1467353165456392,"flow_dst_last_pkt_time":1467353165492216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_usec":1467353165492216,"pkt":"ABxCjnAxTF4M6gNlCABFAAEkdU5AAC8Gc+Zl48gLwKhzCABQxUCZaUaPYBLGxVAYP\/ygXgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAyDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCm9r"} +01858{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1112,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353165456243,"flow_src_last_pkt_time":1467353165456392,"flow_dst_last_pkt_time":1467353165492216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":252,"flow_src_tot_l4_payload_len":1447,"flow_dst_tot_l4_payload_len":252,"midstream":1,"thread_ts_usec":1467353165492216,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"api.cupid.iqiyi.com","http": {"url":"api.cupid.iqiyi.com\/track2?a=0&as=1;2,3;4,5&b=1467353165&c=966542c82a5694d0e943d50d5fcf5a55&cv=5.2.15.2240&d=5000000854934&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000923447&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=8edb694c8c8cca923d3eae6622f9aee6&sv=4.10.004&u=1&up=&v=5000000854858&ve=1&w=4,5","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353165563016,"flow_src_last_pkt_time":1467353165563016,"flow_dst_last_pkt_time":1467353165563016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":950,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":950,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":950,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353165563016,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01797{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1467353165563016,"flow_dst_last_pkt_time":1467353165563016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1004,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1004,"pkt_l4_len":970,"thread_ts_usec":1467353165563016,"pkt":"TF4M6gNlABxCjnAxCABFAAPeGjdAAIAGvYPAqHMIe31wMcVBAFAj7VXd5qVx9VAYQTcqlQAAR0VUIC9ta3QuZ2lmP2FpPTg0NTI4OTE5MDBjOTAzYWU3YTg3NjQ0NzkyM2E1YWVjJmV0PTAgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBjbGljay5obS5iYWlkdS5jb20NCkNvb2tpZTogSE1BQ0NPVU5UPTg4Q0M2OUIwNEM5RDYyOUE7IEhfTUtUX0NMS0lEPTAwMDAwMDAxNTlkYTE2Yjg1Nzc2MDgzMjVhMDhhMzc2MDAwMDAwMjAzNTMzNjUzMjM1NjUzMzMzNjUzMDM2MzQ2MzM2MzUzNzYzMzAzNjYyMzUzNTM4NjUzNTYzMzM2MzMzMzM2NjY0MDAwMDAwMDg3OTZmNzU3NDc1MmU2MjY1OyBIX01LVF9DTEtMT0c9MDAwMDAwMDE1OWRhMTZiODU3NzYwODMyNWEwOGEzNzYwMDAwMDAyMDM1MzM2NTMyMzU2NTMzMzM2NTMwMzYzNDYzMzYzNTM3NjMzMDM2NjIzNTM1Mzg2NTM1NjMzMzYzMzMzMzY2NjQwMDAwMDAwODc5NmY3NTc0NzUyZTYyNjU7IEJBSURVSUQ9MjEwMkRDNzUxRUQwREYzNkUzRDZDRjZDMjEwRkFCNzk6Rkc9MQ0KDQo="} 01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1113,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353165563016,"flow_src_last_pkt_time":1467353165563016,"flow_dst_last_pkt_time":1467353165563016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":950,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":950,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":950,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353165563016,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.hm.baidu.com","http": {"url":"click.hm.baidu.com\/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1467353165563016,"flow_dst_last_pkt_time":1467353165612050,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1467353165612050,"pkt":"ABxCjnAxTF4M6gNlCABFAADj3khAAC0GT217fXAxwKhzCABQxUHmpXH1I+1Zk1AYAIIWkgAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvZ2lmDQpDYWNoZS1Db250cm9sOiBwcml2YXRlLCBtYXgtYWdlPTAsIG5vLWNhY2hlDQpQcmFnbWE6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjowNSBHTVQNClNlcnZlcjogYXBhY2hlDQoNCg=="} +01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1114,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353165563016,"flow_src_last_pkt_time":1467353165563016,"flow_dst_last_pkt_time":1467353165612050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":950,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":950,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":950,"flow_dst_tot_l4_payload_len":187,"midstream":1,"thread_ts_usec":1467353165612050,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.hm.baidu.com","http": {"url":"click.hm.baidu.com\/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0","code":204,"content_type":"image\/gif","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 01720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1467353165616418,"flow_dst_last_pkt_time":1467353165410193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_usec":1467353165616418,"pkt":"TF4M6gNlABxCjnAxCABFAAOkGkVAAIAG0AXAqHMIymwO7MU\/AFBSz4OYcUHIDlAYQRL3fAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNjUwNDkmc2g9JnNxPSZzdz0mdD1zdCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1467353165563016,"flow_dst_last_pkt_time":1467353165659884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1467353165659884,"pkt":"ABxCjnAxTF4M6gNlCABFAAAo3kpAAC0GUCZ7fXAxwKhzCABQxUHmpXKwI+1ZlFARAILziAAAAAAAAAAA"} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1117,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_src_last_pkt_time":1467353165616418,"flow_dst_last_pkt_time":1467353165726907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353165726907,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5NelAADMGBE3KbA7swKhzCABQxT9xQcgOUs+HFFAYACQHagAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} @@ -301,18 +327,22 @@ 01387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1122,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1467353167288111,"flow_dst_last_pkt_time":1467353167288111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":694,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":694,"pkt_l4_len":660,"thread_ts_usec":1467353167288111,"pkt":"TF4M6gNlABxCjnAxCABFAAKoG9BAAIAGqFHAqHMIJG7cD8VCAFB9qW\/gOgaPJFAY\/\/DRFwAAR0VUIC90bXBzdGF0cy5naWY\/dHlwZT1yZWNjdHBsYXkyMDEyMTIyNiZ1c3JhY3Q9c2hvdyZwcHVpZD0tMSZ1aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mZXZlbnRfaWQ9NGIwODY4OTIwYjBmODI4NTMyMGE5ZTAwZWUwMzY5ZTUmY2lkPTMxJmJrdD1wcHNfY196ZWJyYV9tYWluX2RlZmF1bHQmYXJlYT1wcHNfY196ZWJyYSZwbGF0Zm9ybT0yMDEyJmFsYnVtbGlzdD00NzA2OTQ1MDAsNDcxNTkxMzAwLDQ2NTY0MTAwMCw0NzI4ODcxMDAsNDcxNzg4MTAwLDQ3Mzc0NjMwMCw0NzE5NDgzMDAsNDczNjk0NjAwLDQ3MjE4OTUwMCZhaWQ9NDc5NTMxMDAwJnNvdXJjZT0wLDEsMSwxLDEsMSwxLDEsMSZfPTE0NjczNTMxNjcwODcgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vdm9kZ3VpZGUucHBzLmlxaXlpLmNvbS9wYWdlLnBocD92ZXJzaW9uPTUuMi4xNS4yMjQwDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KSG9zdDogbXNnLnZpZGVvLnFpeWkuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 01609{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353167288111,"flow_src_last_pkt_time":1467353167288111,"flow_dst_last_pkt_time":1467353167288111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":640,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":640,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":640,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353167288111,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"msg.video.qiyi.com","http": {"url":"msg.video.qiyi.com\/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465641000,472887100,471788100,473746300,471948300,473694600,472189500&aid=479531000&source=0,1,1,1,1,1,1,1,1&_=1467353167087","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)","detected_os":"Windows 7"}}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1123,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1467353167288111,"flow_dst_last_pkt_time":1467353167373818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353167373818,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5WoJAAC4GvY4kbtwPwKhzCABQxUI6Bo8kfalyYFAYPAD9ZAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01634{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1123,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353167288111,"flow_src_last_pkt_time":1467353167288111,"flow_dst_last_pkt_time":1467353167373818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":640,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":640,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":640,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353167373818,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"msg.video.qiyi.com","http": {"url":"msg.video.qiyi.com\/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465641000,472887100,471788100,473746300,471948300,473694600,472189500&aid=479531000&source=0,1,1,1,1,1,1,1,1&_=1467353167087","code":200,"content_type":"image\/gif","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)","detected_os":"Windows 7"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1125,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353170523889,"flow_src_last_pkt_time":1467353170523889,"flow_dst_last_pkt_time":1467353170523889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1043,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1043,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353170523889,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1467353170523889,"flow_dst_last_pkt_time":1467353170523889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_usec":1467353170523889,"pkt":"TF4M6gNlABxCjnAxCABFAAQ7HjFAAIAGHsHAqHMIb84WTMVDAFDdQoxSQH15t1AYQTfZKwAAR0VUIC9iP3Q9NSZwZj0yMDEmcD0xMSZwMT0xMTQmcm49MTQ2NzM1MzE2NzIyMSZhPTM0JmNsdD10dmcyMDE1X2JhaWtlQl9jb21tZW50X3Nob3cmdHlwZT1wYyZyZWY9bm9yZWYmdXJsPWh0dHAlM0EvL3ZvZGd1aWRlLnBwcy5pcWl5aS5jb20vcGFnZS5waHAlM0Z2ZXJzaW9uJTNENS4yLjE1LjIyNDAlMjNjbGFzcyUzRDIwMDAwMzcxOSUyNTI0JTI1MjQlMjUyNCUyNTI0MTgwOTMyMzAxJTI2ZW50aXR5aWQlM0Q0Nzk1MzEwMDAlMjZiYWlrZWlkJTNEMjAzMjI5NDkwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vdm9kZ3VpZGUucHBzLmlxaXlpLmNvbS9wYWdlLnBocD92ZXJzaW9uPTUuMi4xNS4yMjQwDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29va2llOiBwcHNfY2xpZW50X3ZlcjI9NS4yLjE1LjIyNDA7IFQwMDQwND00ZTNhZTQxNWE1ODQ3NDhhYzlhYTMxNjI4ZjM5ZDFlODsgX3Bwc19pdmk9Vms0OU1UWXdOVEExTGFXL3BQbWhSejgvUDZUYXBFZW11RDgvcE0rd1pqOHRwTFd4M3pnd3Bsby9wR2FvY1NaV1VEMHhKbFpEUFQ4L1B6OCtwTFd4M3pnd3Bsby9wR2FvY1NaV1NqMHRNU1pXVXoxV0psWkVQU1pXVkZ0QlhUMHlNVGMxSmxaTlBTWldWajAxTGpJdU1UVXVNakkwTUNaV1ZUMW9kSFJ3T2k4dmQzZDNMbWx4YVhscExtTnZiUzkyWHpFNWNuSnNkblY0YkdjdWFIUnRiQT09OyBRQzAwNj11NTQ5dnB6MTBsOWZrYXR1bTRhbHc0YnA7IFFDMDA4PTE0NjY2NDU4MTYuMTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE7IEhtX2x2dF81M2I3Mzc0YTYzYzM3NDgzZTVkZDk3ZDc4ZDliYjM2ZT0xNDY2NjQ1ODE3OyBRQzAwNT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KDQo="} 01554{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1125,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353170523889,"flow_src_last_pkt_time":1467353170523889,"flow_dst_last_pkt_time":1467353170523889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1043,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1043,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353170523889,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.iqiyi.com","http": {"url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A\/\/vodguide.pps.iqiyi.com\/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26baikeid%3D203229490&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)","detected_os":"Windows 7"}}} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1126,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1467353170523889,"flow_dst_last_pkt_time":1467353171307497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353171307497,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FgtAADMGd2lvzhZMwKhzCABQxUNAfXm33UKQZVAYACEI\/gAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjEwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01579{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1126,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353170523889,"flow_src_last_pkt_time":1467353170523889,"flow_dst_last_pkt_time":1467353171307497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1043,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1043,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353171307497,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.iqiyi.com","http": {"url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A\/\/vodguide.pps.iqiyi.com\/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26baikeid%3D203229490&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn","code":200,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)","detected_os":"Windows 7"}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353172446185,"flow_src_last_pkt_time":1467353172446185,"flow_dst_last_pkt_time":1467353172446185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353172446185,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1467353172446185,"flow_dst_last_pkt_time":1467353172446185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_usec":1467353172446185,"pkt":"TF4M6gNlABxCjnAxCABFAAETH7ZAAIAGCbLAqHMIFymFo8VEAFBenvyU0fNBYlAYAQQxqAAAR0VUIC9wY2EzLWc1LmNybCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNCklmLU1vZGlmaWVkLVNpbmNlOiBUaHUsIDI0IE1hciAyMDE2IDE3OjQwOjA1IEdNVA0KSWYtTm9uZS1NYXRjaDogIjE3MjE5NjllNzMyYmNmZGRhNGQ4NWMxNjM5MGViYTcwOjE0NTg4NDI1OTciDQpVc2VyLUFnZW50OiBNaWNyb3NvZnQtQ3J5cHRvQVBJLzYuMQ0KSG9zdDogczEuc3ltY2IuY29tDQoNCg=="} 01184{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1127,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353172446185,"flow_src_last_pkt_time":1467353172446185,"flow_dst_last_pkt_time":1467353172446185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353172446185,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"s1.symcb.com","http": {"url":"s1.symcb.com\/pca3-g5.crl","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}}} 01582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1467353172446185,"flow_dst_last_pkt_time":1467353172450172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":839,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":839,"pkt_l4_len":805,"thread_ts_usec":1467353172450172,"pkt":"ABxCjnAxTF4M6gNlCABFAAM59KBAADkGeaEXKYWjwKhzCABQxUTR80FiXp79f1AYA7JdXgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZQ0KRVRhZzogIjM2ZGFiMGNkZDA1ODVlZmNmMjhlYjY3NzRhZWVlOTJhOjE0NjY3OTc4MTQiDQpMYXN0LU1vZGlmaWVkOiBGcmksIDI0IEp1biAyMDE2IDE5OjUwOjE0IEdNVA0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoxMSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA1MzMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vcGtpeC1jcmwNCg0KMIICETCB+jANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUXDTE2MDYyMzAwMDAwMFoXDTE2MDkzMDIzNTk1OVowDQYJKoZIhvcNAQEFBQADggEBAEI97eVcH1DiB1\/0Bno6J+K8HusVe3cUvr5+fyScH1zXRcf7c5djWYgN+SuML4v70NdV\/FuJwb2d1nTAPxF1qboQaHggi98zdzXj8RwrHgS5mm8yRgjh5Xn7nIaC171csZuQguJ7tmZuJ7r76UMkne0JyJ14wsSf90xX+g\/a\/dFyP90Y6ni5xSPgpc8d3Zgw\/EfU0UQm\/T+f09jhD1\/1X6BOBM7pQUZMpb0wu+RThkQxkoU7zdqSaSWoF1RKiDChBGCnoysqx+p1d9U16eVsZvZ0VQEVpSaXicfzrXu+tMxjeZnFuPSglD2NZ6ZxRQtvm2pR35dtCeWkmxI8I6zBG3M="} +01094{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1128,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353172446185,"flow_src_last_pkt_time":1467353172446185,"flow_dst_last_pkt_time":1467353172450172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":785,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":785,"midstream":1,"thread_ts_usec":1467353172450172,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"s1.symcb.com","http": {"url":"s1.symcb.com\/pca3-g5.crl","code":200,"content_type":"application\/pkix-crl","user_agent":"Microsoft-CryptoAPI\/6.1"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353172912736,"flow_src_last_pkt_time":1467353172912736,"flow_dst_last_pkt_time":1467353172912736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353172912736,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1467353172912736,"flow_dst_last_pkt_time":1467353172912736,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_usec":1467353172912736,"pkt":"TF4M6gNlABxCjnAxCABFAAOkIBFAAIAGyjnAqHMIymwO7MVFAFDpA4X9\/kkVyVAYQTfM+gAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNzIwNTEmc2g9JnNxPSZzdz0mdD0xcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 01732{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353172912736,"flow_src_last_pkt_time":1467353172912736,"flow_dst_last_pkt_time":1467353172912736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353172912736,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353172051&sh=&sq=&sw=&t=1q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1467353172912736,"flow_dst_last_pkt_time":1467353173018400,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353173018400,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5BZNAADMGNKPKbA7swKhzCABQxUX+SRXJ6QOJeVAYACCXCgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjEyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01757{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1130,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353172912736,"flow_src_last_pkt_time":1467353172912736,"flow_dst_last_pkt_time":1467353173018400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353173018400,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353172051&sh=&sq=&sw=&t=1q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":200,"content_type":"image\/gif","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353179045522,"flow_src_last_pkt_time":1467353179045522,"flow_dst_last_pkt_time":1467353179045522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353179045522,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1467353179045522,"flow_dst_last_pkt_time":1467353179045522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353179045522,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6EAAAER3+LAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353179045522,"flow_src_last_pkt_time":1467353179045522,"flow_dst_last_pkt_time":1467353179045522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353179045522,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} @@ -321,6 +351,7 @@ 01719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1133,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1467353180357764,"flow_dst_last_pkt_time":1467353180357764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"thread_ts_usec":1467353180357764,"pkt":"TF4M6gNlABxCjnAxCABFAAOlJglAAIAGxEDAqHMIymwO7MVGAFChhpBHZLD+y1AYQTfUEAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODAwNTImc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="} 01733{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353180357764,"flow_src_last_pkt_time":1467353180357764,"flow_dst_last_pkt_time":1467353180357764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":893,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":893,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":893,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353180357764,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353180052&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1134,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1467353180357764,"flow_dst_last_pkt_time":1467353180443128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353180443128,"pkt":"ABxCjnAxTF4M6gNlCABFAAC501VAADMGZuDKbA7swKhzCABQxUZksP7LoYaTxFAYACF90QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjE5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01758{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1134,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353180357764,"flow_src_last_pkt_time":1467353180357764,"flow_dst_last_pkt_time":1467353180443128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":893,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":893,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":893,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353180443128,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353180052&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":200,"content_type":"image\/gif","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1135,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353180830424,"flow_src_last_pkt_time":1467353180830424,"flow_dst_last_pkt_time":1467353180830424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353180830424,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1467353180830424,"flow_dst_last_pkt_time":1467353180830424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1467353180830424,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUgAAAQRyyvAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1135,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353180830424,"flow_src_last_pkt_time":1467353180830424,"flow_dst_last_pkt_time":1467353180830424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353180830424,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} @@ -328,6 +359,7 @@ 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1467353181295295,"flow_dst_last_pkt_time":1467353181295295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_usec":1467353181295295,"pkt":"TF4M6gNlKDc3Alz6CABFAAE99F1AAEAGPTfAqAUPROn9hf5oAFDPYUlYxJOK\/oAYEBX74gAAAQEICiYb7H8rI43TR0VUIC9jb21NYWdpY2FuQXBpL2NvbXBvc2l0ZS9hcHAucGhwL0dsb2JhbC9JbmRleC9pcCBIVFRQLzEuMQ0KSG9zdDogYXBpLm1hZ2ljYW5zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtdHcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTWFnaWNhbiAodW5rbm93biB2ZXJzaW9uKSBDRk5ldHdvcmsvNzIwLjUuNyBEYXJ3aW4vMTQuNS4wICh4ODZfNjQpDQoNCg=="} 01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1136,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353181295295,"flow_src_last_pkt_time":1467353181295295,"flow_dst_last_pkt_time":1467353181295295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":265,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353181295295,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 00977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1467353181295295,"flow_dst_last_pkt_time":1467353181515378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"thread_ts_usec":1467353181515378,"pkt":"KDc3Alz6TF4M6gNlCABFAAF4BFJAADUGOAhE6f2FwKgFDwBQ\/mjEk4r+z2FKYYAYABs0tgAAAQEICisjjrEmG+x\/SFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDU6NDY6NDcgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"} +01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1137,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353181295295,"flow_src_last_pkt_time":1467353181295295,"flow_dst_last_pkt_time":1467353181515378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":265,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":324,"midstream":1,"thread_ts_usec":1467353181515378,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":502,"content_type":"text\/html","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":1467353182046716,"flow_dst_last_pkt_time":1467353179045522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353182046716,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6IAAAER3+HAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1467353183830773,"flow_dst_last_pkt_time":1467353180830424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1467353183830773,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUkAAAQRyyrAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_src_last_pkt_time":1467353185047598,"flow_dst_last_pkt_time":1467353179045522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353185047598,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6MAAAER3+DAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} @@ -335,6 +367,7 @@ 01367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1467353185940061,"flow_dst_last_pkt_time":1467353185940061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"thread_ts_usec":1467353185940061,"pkt":"TF4M6gNlABxCjnAxCABFAAKdKslAAIAGwJnAqHMIymwO28VHAFCsEt6EcxJBblAYAQR7YQAAR0VUIC9jb3JlP3Q9MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZ0bT0zMCZyYT0xJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxODUmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 01619{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1141,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353185940061,"flow_src_last_pkt_time":1467353185940061,"flow_dst_last_pkt_time":1467353185940061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353185940061,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353185&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1467353185940061,"flow_dst_last_pkt_time":1467353186002895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353186002895,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5ehdAADMGwC\/KbA7bwKhzCABQxUdzEkFurBLg+VAYADiXAQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01644{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1142,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353185940061,"flow_src_last_pkt_time":1467353185940061,"flow_dst_last_pkt_time":1467353186002895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353186002895,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353185&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":200,"content_type":"text\/html","user_agent":"QY-Player-Windows\/2.0.102"}}} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1467353186830866,"flow_dst_last_pkt_time":1467353180830424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1467353186830866,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUoAAAQRyynAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1144,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353187172929,"flow_src_last_pkt_time":1467353187172929,"flow_dst_last_pkt_time":1467353187172929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353187172929,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1467353187172929,"flow_dst_last_pkt_time":1467353187172929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353187172929,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAgsAAAERAYPAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} @@ -356,18 +389,18 @@ 00781{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834770,"flow_src_last_pkt_time":1467353136835528,"flow_dst_last_pkt_time":1467353136834770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":34,"flow_dst_packets_processed":11,"flow_first_seen":1467353136440165,"flow_src_last_pkt_time":1467353136952179,"flow_dst_last_pkt_time":1467353136908132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":1258,"flow_dst_tot_l4_payload_len":11715,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00780{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833940,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136833940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} +00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00781{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834125,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00782{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834293,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00781{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834211,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00784{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1467353136835425,"flow_src_last_pkt_time":1467353136837502,"flow_dst_last_pkt_time":1467353136835425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00781{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833527,"flow_src_last_pkt_time":1467353136833582,"flow_dst_last_pkt_time":1467353136833527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00783{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353136483217,"flow_src_last_pkt_time":1467353136483217,"flow_dst_last_pkt_time":1467353136483605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01093{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} -01094{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} +00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} +00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00780{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834375,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} -01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} +00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} +00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00780{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837135,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00780{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837248,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00782{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834031,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -418,6 +451,7 @@ 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190892847,"flow_dst_last_pkt_time":1467353190892847,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":1467353190892847,"pkt":"TF4M6gNlABxCjnAxCABFAACVLoRAAIAGUpzAqHMIaibba8VNAFAdei0\/k1iI9FAYQTd0xwAAR0VUIC9jaXR5anNvbiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVlBZ2VudF9ydW54eA0KSG9zdDogaXBsb2NhdGlvbi5nZW8ucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="} 01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1169,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190892847,"flow_src_last_pkt_time":1467353190892847,"flow_dst_last_pkt_time":1467353190892847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":109,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190892847,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"iplocation.geo.qiyi.com","http": {"url":"iplocation.geo.qiyi.com\/cityjson","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}} 01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_src_last_pkt_time":1467353190892847,"flow_dst_last_pkt_time":1467353190978488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":497,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":497,"pkt_l4_len":463,"thread_ts_usec":1467353190978488,"pkt":"ABxCjnAxTF4M6gNlCABFAAHjK+5AADIGoeRqJttrwKhzCABQxU2TWIj0HXotrFAYAOXEmAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eQ0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGNoYXJzZXQ9dXRmLTgNCg0KZjINCnZhciByZXR1cm5JcENpdHkgPXsiY29kZSI6IkEwMDAwMCIsICJkYXRhIjogeyJpcCI6IjExOC4xNjMuOC45MCIsICJpc3AiOiLkuK3ljY7nlLXkv6EiLCAiY291bnRyeSI6IuS4reWbveWkp+mZhiIsICJwcm92aW5jZSI6IuWPsOa5viIsICJjaXR5IjoiTm9uZSIsICJpc3BfaWQiOjY5LCAiY291bnRyeV9pZCI6NDgsICJwcm92aW5jZV9pZCI6MjI4LCAiY2l0eV9pZCI6MjI4MDAwLCAibG9jYXRpb25faWQiOjY5MjI4MDAwfX0KDQo="} +01095{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1170,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190892847,"flow_src_last_pkt_time":1467353190892847,"flow_dst_last_pkt_time":1467353190978488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":109,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":443,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":443,"midstream":1,"thread_ts_usec":1467353190978488,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"iplocation.geo.qiyi.com","http": {"url":"iplocation.geo.qiyi.com\/cityjson","code":200,"content_type":"charset=utf-8","user_agent":"QYAgent_runxx"}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_src_last_pkt_time":1467353190892847,"flow_dst_last_pkt_time":1467353190978489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1467353190978489,"pkt":"ABxCjnAxTF4M6gNlCABFAAAtK+9AADIGo5lqJttrwKhzCABQxU2TWIqvHXotrFAYAOXCuQAAMA0KDQoA"} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_src_last_pkt_time":1467353191056486,"flow_dst_last_pkt_time":1467353179045522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353191056486,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6sAAAER39jAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1173,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191500926,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191500926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191500926,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -440,12 +474,14 @@ 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191604276,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1467353191604276,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L+lAAIAGTXjAqHMI3xpqE8ZQAFAEnujgm7SOJVAYQTfnOwAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2Jsb2cuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2Jsb2dfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} 01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1183,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191604276,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191604276,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191604276,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":0,"content_type":"","user_agent":"masblog_runxx"}}} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191606497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353191606497,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5GMJAAC4G\/04kbtwPwKhzCABQxk20SBDwor1D9lAYPLgN5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01338{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1184,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191538427,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191606497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353191606497,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"msg.video.qiyi.com","http": {"url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":200,"content_type":"image\/gif","user_agent":"QIYiAngent"}}} 01161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1186,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"thread_ts_usec":1467353191608484,"pkt":"ABxCjnAxTF4M6gNlCABFAAIApFFAADgGH8jfGmoTwKhzCABQxlCbtI4lBJ7pcFAYAB996wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2Jsb2ddDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="} 01242{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1186,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191604276,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353191608484,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masblog_runxx"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1187,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191688041,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191688041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":550,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191688041,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1187,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191688041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1467353191688041,"pkt":"TF4M6gNlABxCjnAxCABFAAJOL\/RAAIAGZxbAqHMIZePIC8ZRAFCkQ4vBOJoXClAY\/\/Dn4QAAR0VUIC9jY3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IENvb2tpZUNsZWFyX3J1bnh4DQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25Kc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="} 01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1187,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191688041,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191688041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":550,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191688041,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"api.cupid.iqiyi.com","http": {"url":"api.cupid.iqiyi.com\/ccs","code":0,"content_type":"","user_agent":"CookieClear_runxx"}}} 00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191722567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_usec":1467353191722567,"pkt":"ABxCjnAxTF4M6gNlCABFAAEVyyVAAC8GHh5l48gLwKhzCABQxlE4mhcKpEON51AYPCgsNwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2pzb247IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAxMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsiciI6ZmFsc2V9"} +01221{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191688041,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191722567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":550,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":237,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":237,"midstream":1,"thread_ts_usec":1467353191722567,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"api.cupid.iqiyi.com","http": {"url":"api.cupid.iqiyi.com\/ccs","code":200,"content_type":"text\/json","user_agent":"CookieClear_runxx"}}} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1190,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1467353192820786,"flow_dst_last_pkt_time":1467353189820488,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353192820786,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDkwAAAER9TTAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1192,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":5,"flow_src_last_pkt_time":1467353192836331,"flow_dst_last_pkt_time":1467353180830424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1467353192836331,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUwAAAQRyyfAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_src_last_pkt_time":1467353193179486,"flow_dst_last_pkt_time":1467353187172929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353193179486,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAo0AAAERAQHAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} @@ -457,12 +493,15 @@ 00989{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_src_last_pkt_time":1467353195855557,"flow_dst_last_pkt_time":1467353195855557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"thread_ts_usec":1467353195855557,"pkt":"TF4M6gNlABxCjnAxCABFAAGBMjFAAIAGqNHAqHMIe31vRsZUAFDL+rP6wuI4bVAY\/\/CsBQAAR0VUIC9hcGlzL3VyYy9zZXRyYz9ja3VpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZ0dklkPTQ3OTUzMTAwMCZ2aWRlb1BsYXlUaW1lPS0xJmFkZHRpbWU9MTQ2NzM1MzE5NSZ0ZXJtaW5hbElkPTEyJnZUeXBlPTAmY29tPTImcHBzVHZpZFR5cGU9MiZhZ2VudF90eXBlPTMwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRaXlpIExpc3QgQ2xpZW50IFBDIDUuMi4xNS4yMjQwDQpIb3N0OiBubC5yY2QuaXFpeWkuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} 01363{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353195855557,"flow_src_last_pkt_time":1467353195855557,"flow_dst_last_pkt_time":1467353195855557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353195855557,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"nl.rcd.iqiyi.com","http": {"url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_src_last_pkt_time":1467353195852766,"flow_dst_last_pkt_time":1467353195956508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353195956508,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5xWxAADMGdMnKbA7swKhzCABQxlNWUKyA6k+aDlAYACCSWwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01757{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1206,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353195852766,"flow_src_last_pkt_time":1467353195852766,"flow_dst_last_pkt_time":1467353195956508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353195956508,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353195054&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":200,"content_type":"image\/gif","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102","detected_os":"Windows 7"}}} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_src_last_pkt_time":1467353195855557,"flow_dst_last_pkt_time":1467353195998488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1467353195998488,"pkt":"ABxCjnAxTF4M6gNlCABFAAEFPIVAAC8G7\/l7fW9GwKhzCABQxlTC4jhty\/q1U1AYPLjA5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFRlbmdpbmUNCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MDY6MzUgR01UDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDI5DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCg0KeyJkYXRhIjp0cnVlLCJjb2RlIjoiQTAwMDAwIn0="} +01263{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353195855557,"flow_src_last_pkt_time":1467353195855557,"flow_dst_last_pkt_time":1467353195998488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":221,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":221,"midstream":1,"thread_ts_usec":1467353195998488,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"nl.rcd.iqiyi.com","http": {"url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":200,"content_type":"text\/plain","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1210,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353196104228,"flow_src_last_pkt_time":1467353196104228,"flow_dst_last_pkt_time":1467353196104228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":865,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":865,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":865,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353196104228,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_src_last_pkt_time":1467353196104228,"flow_dst_last_pkt_time":1467353196104228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_usec":1467353196104228,"pkt":"TF4M6gNlABxCjnAxCABFAAOJMkZAAIAGuC7AqHMIymwO3cZVAFB2diePbxSNNlAYAQSFkwAAR0VUIC9jb3JlP3Q9MSZyZXNldD0wJnZmcm10cD0xJnRtMT0mdG0yPTAmdG0yMT0wJnRtMjI9MCZ0bTIzPTAmdG0yND0wJnRtMz0yMDkmdG0zMT05NCZ0bTMyPTMxJnRtMzM9NzgmdG0zND0xJnRtND0xNzYmdG00MT00NyZ0bTQyPTE2JnRtNDM9NzgmdG00ND03JnRtNT0zMjgmdG01MT0wJnRtNTI9MCZ0bTUzPTAmdG01ND02MyZ0bTY9JnRtNjI9MCZ0bTYzPTAmdG03PTAmdG03MT0wJnRtNzI9MCZ0bTczPTAmdG04PTAmdG04MT0wJnRtODI9MCZ0bTgzPTAmdG05PTk2MiZ0bTkyPTE1JnRtOTM9Mjk3JmNoaXBpZD1JbnRlbCUyOFIlMjklMjBDb3JlJTI4VE0lMjklMjBpNSUyRDI1NTdNJTIwQ1BVJTIwJTQwJTIwMSUyRTcwR0h6JnJhPTEmaXNoY2RuPTImcGY9MjAxJnA9MTEmcDE9MTE0JnAyPTMwMDAmc2RrdHA9MSZjMT0zMSZyPTQ3OTUzMTAwMCZhaWQ9MTgwOTMyMzAxJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPVdpbmRvd3MlMjA3JnY9NSUyRTIlMkUxNSUyRTIyNDAma3J2PTIlMkUwJTJFMTAyJmR0PSZodT0tMSZybj0xNDY3MzUzMTk1JmlzbG9jYWw9MCZhcz0wMzExYzVhMGQ1NTk2MDYzZGI1OTQ0YmQ3NmI2Y2JmZiZ2ZT1iMWY5MGY4ZGE2ZmUwMjU4ZDEzNjE2YTgwNzBjYjk5NyZwZT0mdmZybT0mY2hsPSZoY2Rudj0xMC4wLjAuMjkzJnRwY2Q9MCZpc2RybT0xJmh0PTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="} 01855{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1210,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353196104228,"flow_src_last_pkt_time":1467353196104228,"flow_dst_last_pkt_time":1467353196104228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":865,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":865,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":865,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353196104228,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=962&tm92=15&tm93=297&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":4,"flow_src_last_pkt_time":1467353196193494,"flow_dst_last_pkt_time":1467353187172929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353196193494,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAqQAAAERAOrAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_src_last_pkt_time":1467353196104228,"flow_dst_last_pkt_time":1467353196204492,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353196204492,"pkt":"ABxCjnAxTF4M6gNlCABFAAC53kZAADMGW\/7KbA7dwKhzCABQxlVvFI02dnYq8FAYAA859QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01880{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1213,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353196104228,"flow_src_last_pkt_time":1467353196104228,"flow_dst_last_pkt_time":1467353196204492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":865,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":865,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":865,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353196204492,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=962&tm92=15&tm93=297&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":200,"content_type":"text\/html","user_agent":"QY-Player-Windows\/2.0.102"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1214,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353196348641,"flow_src_last_pkt_time":1467353196348641,"flow_dst_last_pkt_time":1467353196348641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353196348641,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00990{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1467353196348641,"flow_dst_last_pkt_time":1467353196348641,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"thread_ts_usec":1467353196348641,"pkt":"TF4M6gNlABxCjnAxCABFAAGBMltAAIAGqKfAqHMIe31vRsZXAFCyDhiCAe\/eKVAY\/\/B8ngAAR0VUIC9hcGlzL3VyYy9zZXRyYz9ja3VpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZ0dklkPTQ3OTUzMTAwMCZ2aWRlb1BsYXlUaW1lPS0xJmFkZHRpbWU9MTQ2NzM1MzE5NSZ0ZXJtaW5hbElkPTEyJnZUeXBlPTAmY29tPTImcHBzVHZpZFR5cGU9MiZhZ2VudF90eXBlPTMwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRaXlpIExpc3QgQ2xpZW50IFBDIDUuMi4xNS4yMjQwDQpIb3N0OiBubC5yY2QuaXFpeWkuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} 01363{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1214,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353196348641,"flow_src_last_pkt_time":1467353196348641,"flow_dst_last_pkt_time":1467353196348641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353196348641,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"nl.rcd.iqiyi.com","http": {"url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} @@ -473,15 +512,19 @@ 00984{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":1467353196441555,"flow_dst_last_pkt_time":1467353196441555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"thread_ts_usec":1467353196441555,"pkt":"TF4M6gNlABxCjnAxCABFAAF8MmRAAIAGDUzAqHMIb84WTcZYAFAHr7sEMj+LIFAYAQTIFgAAR0VUIC9iP3Q9MTEmcGY9MjAxJnA9MTEmcDE9MTE0JnMxPTAmY3Q9MTQwODE5X2Fkc3luJmFkc3luPTEmYnJpbmZvPUlFX0lFOV85LjAuODExMi4xNjQyMV8xJm9zPVdpbmRvd3MlMjA3JnJuPTE5MjUyJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj01LjIuMTUuMjI0MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} 01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1216,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353196441555,"flow_src_last_pkt_time":1467353196441555,"flow_dst_last_pkt_time":1467353196441555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":340,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":340,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353196441555,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.iqiyi.com","http": {"url":"msg.iqiyi.com\/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_src_last_pkt_time":1467353196393319,"flow_dst_last_pkt_time":1467353196523719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353196523719,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5bd1AADMGzGnKbA7bwKhzCABQxlZz\/QmHa0ch+1AYADbMuQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01548{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1217,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353196393319,"flow_src_last_pkt_time":1467353196393319,"flow_dst_last_pkt_time":1467353196523719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":533,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353196523719,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"msg.71.am","http": {"url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":200,"content_type":"text\/html","user_agent":"QY-Player-Windows\/2.0.102"}}} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_src_last_pkt_time":1467353196441555,"flow_dst_last_pkt_time":1467353196535461,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_usec":1467353196535461,"pkt":"ABxCjnAxTF4M6gNlCABFAAC07BRAADMGoWNvzhZNwKhzCABQxlgyP4sgB6+8WFAYAB\/IEQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} +01378{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1218,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353196441555,"flow_src_last_pkt_time":1467353196441555,"flow_dst_last_pkt_time":1467353196535461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":340,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":340,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":140,"midstream":1,"thread_ts_usec":1467353196535461,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.iqiyi.com","http": {"url":"msg.iqiyi.com\/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240","code":200,"content_type":"text\/html","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1219,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353196740386,"flow_src_last_pkt_time":1467353196740386,"flow_dst_last_pkt_time":1467353196740386,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353196740386,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02043{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":1467353196740386,"flow_dst_last_pkt_time":1467353196740386,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1186,"pkt_l4_len":1152,"thread_ts_usec":1467353196740386,"pkt":"TF4M6gNlABxCjnAxCABFAASUMuBAAIAGCbjAqHMIb84WTcZZAFAJ9c2nhBlkGlAYAQR8TQAAR0VUIC9iP3BmPTIwMSZwPTExJnAxPTExNCZhcD0wJnNvdXJjZTE9bGlzdCZzb3VyY2UyPW9ubGluZV9sJnQ9MTEmY3Q9cGNfX2FkX3BsYXkmYWxidW1faWQ9MTgwOTMyMzAxJmMxPTQ3OTUzMTAwMCZjbHQ9aG9tZWRsJmNuPTE2MDUwNS0lRTYlQUQlQTMlRTclODklODclRUYlQkMlOUElRTklODMlOTElRTYlODElQkElRTYlQUMlQTclRTUlQjclQjQlRTQlQkElOEMlRTYlQUMlQTElRTUlQkQlOTIlRTYlOUQlQTUlRTUlOEYlOEQlRTklODAlODYlRTglQTIlQUQtJUU0JUJCJThBJUU2JTk5JTlBODAlRTUlOTAlOEUlRTglODQlQjElRTUlOEYlQTMlRTclQTclODAmY3B1dXNlPTMyLjgmZGU9MzJlNjU0ZmE1N2JlOTBlYzYzOGM0NmRkZmRkNjY3NTcmZGxsdj1hcHB2JTNENS4wLjAuMTAwMyU3Q29sdiUzRDUuMC4wLjExMDEmZXQ9MCZmdD0yMTc1Jmh0PTAmaHU9LTEma3Y9MTAuMC4wLjI5MyZsYW5nPSZtZW1waHk9NjUmbWVtdmlyPTEyMCZtdD0wJm12PTUuMi4xNS4yMjQwJnAyPTEwMTEmcGU9JnBvcHQ9MCZwdD0wJnB0eXBlPTEmcHU9JnI9NDc5NTMxMDAwJnJfaWQ9NDc5NTMxMDAwJnJhPTEmcm49MjA1MjYmc2Nobl9pZD0yMDAwMDM3MTklMjQlMjQlMjQlMjQxODA5MzIzMDEmc2Nobl9uYW1lPSVFNyVCQiVCQyVFOCU4OSVCQSVFNSVBOCVCMSVFNCVCOSU5MCUyNCUyNCUyNCUyNCVFNCVCQiU4QSVFNiU5OSU5QTgwJUU1JTkwJThFJUU4JTg0JUIxJUU1JThGJUEzJUU3JUE3JTgwJnNwdD0xNDY3MzUzMTk2JnN0YWdlPTImc3RpbWU9MCZ0dmlkPTQ3OTUzMTAwMCZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnVwbG9hZF9pZD0mdXJsPWh0dHAlM0ElMkYlMkZ3d3cuaXFpeWkuY29tJTJGdl8xOXJybHZ1eGxnLmh0bWwmdj0yLjAuMTAyLjMwMTQ3JnZlPTMzMzgyNWNkZjQ4NmNjOTRiNmQyOTU2ZjRkZTZkNGNiJnZpZD0yYjk0NzI5ZTNhOTIwYjIxMTk4ODZjNWM2NzdhZTlkYiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} 02148{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1219,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353196740386,"flow_src_last_pkt_time":1467353196740386,"flow_dst_last_pkt_time":1467353196740386,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353196740386,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.iqiyi.com","http": {"url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=32.8&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&kv=10.0.0.293&lang=&memphy=65&memvir=120&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=0&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=20526&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353196&stage=2&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_src_last_pkt_time":1467353196740386,"flow_dst_last_pkt_time":1467353196835349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_usec":1467353196835349,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0DHtAADMGgP1vzhZNwKhzCABQxlmEGWQaCfXSE1AYACGFOQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} +02173{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353196740386,"flow_src_last_pkt_time":1467353196740386,"flow_dst_last_pkt_time":1467353196835349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":140,"midstream":1,"thread_ts_usec":1467353196835349,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.iqiyi.com","http": {"url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=32.8&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&kv=10.0.0.293&lang=&memphy=65&memvir=120&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=0&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=20526&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353196&stage=2&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db","code":200,"content_type":"text\/html","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353196856069,"flow_src_last_pkt_time":1467353196856069,"flow_dst_last_pkt_time":1467353196856069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353196856069,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_src_last_pkt_time":1467353196856069,"flow_dst_last_pkt_time":1467353196856069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_usec":1467353196856069,"pkt":"TF4M6gNlABxCjnAxCABFAAEhMu5AAIAGSgnAqHMI3xpqFMZaAFCbMnrue8hN51AYAQSXSQAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMS5qcGc\/bm89MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} 01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1221,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353196856069,"flow_src_last_pkt_time":1467353196856069,"flow_dst_last_pkt_time":1467353196856069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353196856069,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"preimage1.qiyipic.com","http": {"url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_1.jpg?no=1","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 02230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_src_last_pkt_time":1467353196856069,"flow_dst_last_pkt_time":1467353196917508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353196917508,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjVAADgGss\/fGmoUwKhzCABQxlp7yE3nmzJ751AQAB9cGQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDY2MTIxMQ0KQ29ubmVjdGlvbjogY2xvc2UNCkV4cGlyZXM6IEZyaSwgMDUgTWF5IDIwMTcgMTc6MzU6NTUgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNSBNYXkgMjAxNiAxNjoyMzo1NSBHTVQNClgtQ2FjaGU6IGZyb20gMTI3LjAuMC4xDQpBZ2U6IDQ4ODM0NDENClZpYTogaHR0cC8xLjEgUVRTIChRVFMgW2NIcyBmIF0pDQpYLUNhY2hlOiBmcm9tIDEwLjIyMS4zMi4yMTYNClgtQ2FjaGU6IE1JU1MgZnJvbSAyMjMuMjYuMTA2LjIwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU\/9sAQwEDBAQFBAUJBQUJFA0LDRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU\/\/4AC3FpeWkxLjAuM\/\/AABEIA4QGQAMBIgACEQEDEQH\/xAAeAAACAwADAQEBAAAAAAAAAAAGBwQFCAIDCQABCv\/EAHAQAAEDAwMCAwUEBAoDCgcAIwECAwQFBhEAEiEHMRMiQQgUUWFxFSMygUKRobEJFiQzUmJywdHwJYLhFzRDc5KywsTS1CY1U2Oiw\/EYNkR0g4aTlKSz01RWZGZ1doSjtBknRUZVhZWWxdW14jdXZf\/EAB0BAAIDAQEBAQEAAAAAAAAAAAUGAwQHAgEIAAn\/xABKEQACAQMDAQUEBwYFAwQBAQkBAgMABBEFEiExBhMiQVEUYXGRIzKBobHB0QcVJELh8DM0UmJyFiXxJjU2Q4KSF0RTc6LCY7LS\/9oADAMBAAIRAxEAPwDytAyeNWtFoU6vyTFgRlSXcbsJ9B8fl+eqxHqdN32eupf+5vW5UmPVHaHUHUpMapNHCmlDdxnBxnP7NTSEouRRHT4I7mdYpW2g0MdQukl49JKsmm3fb0+gS3BuZ97aKUPpwDubWPK4MKHKVEc6GfB+71qP21vapV7RkmgxSmNKRQ8iNNSkh8JU22lxLigdq962\/E4T5c4BOs+RYyXt+9GvEJIzXtxb9zIY85++q2mvKhvb0f6yf6Q1fvM+8sb2vwajqp2x9KEaMLI6f1e5vG9xjq92\/SfdVsZCvmo9z8k5+mpopSG2jmvYSyHaelDtuyUwH0vLXs82ngvqqxcNDk0eP4PljJZU\/wCH5nMjBx9B66X\/AFL6K3H04lNe+x25cNxhuQ3JiKK0bVDI3DgpPxyPz0GUyqzaa9vjp93WrCfER6D4jRLayjnijVvclPAKOG4EOlTUKQvwv6qv0vppy2vUkLpxXv3o2+XSltd5ittlC0KkPf8ACSZPJ47AZ9NGTdbjURtq"} +01176{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1222,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353196856069,"flow_src_last_pkt_time":1467353196856069,"flow_dst_last_pkt_time":1467353196917508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":1260,"midstream":1,"thread_ts_usec":1467353196917508,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"preimage1.qiyipic.com","http": {"url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_1.jpg?no=1","code":200,"content_type":"image\/jpeg","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_src_last_pkt_time":1467353196856069,"flow_dst_last_pkt_time":1467353196917511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353196917511,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjZAADgGss7fGmoUwKhzCABQxlp7yFLTmzJ751AQAB+1AQAAFHWnfu3ebsPmflqKi8LbOppt0aSln8a0oQnzOKX6fXTzo\/s7tX30MrdPrafdJ9wOpqEVa0+eCttATGWR8cDKh8HCNIf2Y7kse++qsW3Z9ZRJmISqRHhlv7ua8gbtu88KwMqCRndtPwwr0FYe3t6IW8WfGaEajdpKO6T7a8f7q6eXHYM73S46PKpTyVFtK32z4SyP6Dn4VD6HUejUGdXqrT6VTI\/vdSmvtxYrHiJaC1rVtGVnhKfUlR4AJ16QVv3OsV+5oM2OzU4HhtpejSW0raWT2G05\/CnHPx0obh9myNSbjod09Pap\/FmsUupt1BtqSFvxFhIVlBSDuGc4POMZxg6\/XEcyITHyaXYrUM4B6Gst3D0dv22KjesSo2u6f4mtIdrsiFKafZjNrwULQrI8Tck7ylIyACVAaiTOjt7U2gUet1O2pFNpVZYVKp8lx5twPNBIWVHYo+Gdp3bV4OAT6a0xfk3q\/SqN1XjzmEVOHe7qXEyae+XGKY3w2pLbYTkbmQG1KIB8iTyd2lNevUKq1roxZ9hNOOsfYa1eNIShLQeSlstNIGw5O1CnASr8W7nOlh7u7jOGFMEOl2hfEkoApQO9P60p+VHRCeW9Ec2SG0srUtlWCdqwE+U4B4Vj8OhesUp+lSlx5aPCeR+JH6Q5wQfgc8YOmdXrjbcYne5Ux2lTJLiXHJbVVkuLOM\/i3K8xIJGVZ+Whhi7ZNK97Rs94XJTtcddcO4\/iJyfiSrOdXLa6mdvGK5v7Kygi320m41QWoypc57\/iT+8apK8zsqsv\/jDpm2pcKnrVl09bSdkbwvvd310AXb\/41P8AxaP3aMQybnNCnTFuDTCmX\/AehhjDIbSAPKnVJGrkeoyvd4EUynsZ2oT6D4nPH5n5aB6xc36KEI3fQaNvZ9v2pWncEydBmyKVU3Ep92qEfylsjdxnHGd37OdCJbRljMvU0q6Zo8N7cql0+1T5129VKLc\/Syqil3Xa9Qt6Y4kqZEyPtQ+njzNODyuDBTkpJxuGdLxuRMrLm2NCed3f0Ua2H7T3WGX7SU6g\/bURj3OhpKYcnGJKkqabS6HFA7Vblo8TAAx2ydKmO5DpLKWocZKNv6WdWraPwBzwa8vLeGwmMKDcR6HNLKkWS6k+LPgSD8vTRRGTIZ2tQ6a6P7RGNXc64okVKlPvo+m7QlVup7Dfkjqb\/I6u7iPOh+55T9XirgVKTSfPK4\/qJc1El3vLmJU2xD\/1lk6Cn788Zwq2hav62Tr4Xw5t8qUj\/V1x3j\/y8VaEMnklWFQg1yY2l9X3TKzhPwOO\/wCrOulNLqCW9q5pS38E5xrn\/HR+bQfdURl+9Ik+MiUCQkp27S3t7ZJwd2dc7URUalWIrlTZe+yVFXiOKSdnrjJHzx664DsR1oitrcEgAYqJ4K4v4Xx+rXwlFKfM\/wDs0YdYLVi2\/R6VPpjS\/DlZS67HytltSOVZVk4J3JIB+fOlYZC9vm8356mTGM1O9q8bbSc1bSFNq3bXV7tdLCXHlbfHA4yVHOAB+v8AdqvebmNspfcQUtr7HXFp7wVbtxV6HUrHCHb1qxDGAw39KNZfTyrU1Q94TGRmImaFLfH8yr8Kvz+HfUumWDVqp44YfiL8BxDToEgJCFKKgkHPx2q5Hw510nqOxJTJT\/Fqmp8SP7sOM+HyrCx\/X8xyeO6vUjFt"} 02233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":4,"flow_src_last_pkt_time":1467353196856069,"flow_dst_last_pkt_time":1467353196917514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353196917514,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjdAADgGss3fGmoUwKhzCABQxlp7yFe\/mzJ751AQAB+OMwAAb3Vv+L8NDSbYoc1SX\/HLk1jxSpWzYQoZ7HvxjnQgy3fpTVFFYbS2arHLFqkeP46vD8PG7du9A34hOO\/4cH9nfVUhPh7NqwtJGQpOcEfq0cSut4l0lcL+JduNKUywz7yiL5\/u\/wBLPxV3POqGlXwunqneBCaQ3LCUeEhRCUJG7hIx\/W0StHuCcSCht2lsFzEeaisK251awcuK264IuR2dbsej+EA2ztPi5ySRn0+f19NWFGi9+3bTVArEUBNJ2iNypFQbahtOuyCfKhlJUon5Dvpq9NY1Pol4Q5VxxhcrkZxMh2gRVbvFAVkpddCtree3BUeeQNLdy6pCIqo1OQKZFIwtDP43B\/XX3Ojj2f8AqYenFfmSmKo7Q57gT7tUWjgtqG7gn0zu\/ZpQOoDTwe58R+6rVjaJe3AinbYpog9qG2pVmdT55PT+b07psw+JDpExJWx4e1OfCcxtcHmBJSTgn6aRitqlK2\/h1qD23Paq\/wDcjZNvxFJiyUUMFMaclP3+xTTaXErWDtXvWjfgDy5wCedZdRofNfPdgb+lcT2gtJDGpz9uabVr+zZctxUaJUfeYkNqW0h9pCmJclRbUMpUTHYcSnIIOFEH4jXTWvZxu+nObIqIVZexhMaFICJS\/kiM7seWf7KDqjsKW7cVcYi1aVIlRWGEoaQ7IXhCUrR5U88AIzgDTXuONPtO1XHaJU6iwW2StyGJKnIzpE+otedleUqGyOyMY9M9ydMUFlaXEQKqc0tS3FxFLtDj5UgYdEny6uKdHgyHqkHC2IbbKlO7hnKdgBORzx8udWltUWrXVXm4tKhql1CY6Q3GjNbvFUok7QgDHP8ARA+GNXtcqtSvC6n7mq8wx6rICApFIaw6oobSgEBOAkqCQSc9yeOdWlp1e8bGqUaqWZQ6jQZcZW5qoNRlrlZ\/40pwnjPCAn89QwabJG+Shx8KJNN4c+dDyrEq1TmS4ECmyHZ0JLj0unstlx2OlA3OKOATsSEkqz+HB3fHUS1bQqdzSn2KXBenuMtKfeDLZX4bY\/EtXHCEjuo\/nqfV591tVWdWp5nxJcsuGTJUpSVueJu3gnIOFZUCD3zp39N\/Ze6iyLeqtx2zcVviG3Haak+6Vlbbj7L6eUgBHnTj8Qzzj11dFrHHMO9Ur8ajaU7ODQe90FrrttyJsIJlUeI7J3VflqK+W0pOG1uBPKgAUIUAVcYyeNJeS2gKUlv4\/i1vun2L1wkdLZ\/TCK1SJNDTUWo3guSErKpSvN5VuI\/CQU+ZPlGDg5CtImreyR1WqFYmUT7FYflUpj3pxj7VaSlhtalYUkLI\/GpC+AMkj5jNq\/tIpUyhHFVbe4Y5D1nRNPdeV5f+UeBr9agrVKLCVITwTvXnaB8T3OjKbWqxUXKNV5lGbXAiMMsM+DCDLDyGuPMUABajjCl5Kjzk5113fddJuy559XFHYtsyllaYlJCvdWQf0EtrOQB\/aP00AfTtkRYZDfCikEitIFfp510z+lVdg4VKVDRmIidzIH8yr8Kvz+HfVhROn1bqEqQ4j7NnpbU1GfQqSlONxITgkcZ2dx+emRQ6zGuOkzJNDtqkyBDpyBUJkkBKIzi\/FKA2nlRJCeVDHJVn0OpFS6nz+ndES87b9vVZsTQk+8surUSYzajkKWQQfFPwwU59cCglpewjvRRnvdLdu6yc0ppX"} 02244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":5,"flow_src_last_pkt_time":1467353196856069,"flow_dst_last_pkt_time":1467353196917514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353196917514,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjhAADgGsszfGmoUwKhzCABQxlp7yFyrmzJ751AQAB+3QwAATSqBtUgtNMR+VbPF34GzxO+PRBB\/Z340RXN0XnW100t2835kJdPrZeRFYjvhT4Latqt7fdI\/DgnvnV0710ZqVtzX5dkW3CjltlhlbcX715bZJwn65ysn5ep0DDqzL3VHbFQhmVgBlLmEtjaUkIHPB47fAfAalhuWiJM69ar3cVtsHs7c1NsrqexYtAr1PXatArj1UQhtuZWYRfch7FbssHcNpV2JOcj5ZyNVVv36Ol9pEdDKOT4Y2ZWfxcEk+npgd8DX6LjmVy34VuMQ1OqCkBGw7lKUM9hj1yPX012VHppcdORuVCU8MfhjrDhH+qOeNWEN3dxEpGWQelCCY4m5bBNBY9dWNGoc6vyvdqfHXJexuISOw+JOoSWxzps+z71KPTWuTZEepu0OoOBBjVFo4LahnjOOAc\/s50AfcqnA5o\/YQR3NwsUrbQfOhPqR0kvLpHV0U28rdn2\/LdG5n3xopQ+njzNufhcAChyknuNCGtV+237VQ9o+Rb8NTcWS3Q0kRpqUHxwlTTaXErXnavetvfwkbc4yedZZ2asRKzDcahuYhBKY85+HNcNp1x82pCE99SoNNdnPJQ0n5lXoB8TqYRMxwKoswFR4kNyY8ENfmfQD4nWhOkvTCLbUNuvVxpC5JQHokR9ORj0edT8P6KPXueMZ7+l3SqPQ4bNZq7AWpQDkSG8P5z4Puj+gO6Unv68d2WyouOipSFF1xeXYyHPU+r6x\/wAxP5\/DWr9nOzohxd3I58h+ZpJ1XVDJmCA8eZ\/KufiPRyp6Qlx+rSTtbQo\/eN7\/ANH5OLH4j+inj1Oq55tyVKFLYkJ2n72XKR28vCl\/RI8iM+p+epCnlMsqkLUUSHWzhR\/Ew0r9I\/11+nwH1197mum09SdivfJGxx4eqUj+bZHz9VD5\/LWlvJuGB0pPWPByf7\/8VzioEiWp5DXhRoaUIjN\/0F\/8GB8SkZWT8SM99D\/UKoC37LDaVbHqo6Mf0vBRkJ\/X5j\/rDRm1BU2lqD4mVbvDLv8ASdV\/OL+gAwPppGddLqEy6DFQoeDBaDaU\/DPb9QCdCNUuxa2rNRPT7YyzgeVL+uVzalW7Qmwg1GUUBxKVKydyuwA5+evypSjIcVqJEkKjPb+fhrA7+7eZiRWo2cSIQG6UZVHpNXIez3kxGiYiJwzIT\/Mq\/Cr8\/h319TukNbq3vPuj0F0R3ENO5kpTtUsqCe+OPKrkcasHurUd5MkfxWpo8SP7ung\/dnKjvH9bk8+uVfLE63evIt+KlkWlRKgtL\/jlycwXitWwoIUM+uc8Y550ul5z5UyiPTiOSaGnulNcjxPeFpYDO3du3548PxPh\/QOf9uhSbDMJzw1LS7lIUFozg5+o03pvtFszqOqn\/wARrcbJZYZ94RFwv7vPOfir9LQZF6gOsSqiqLTW225wS34LaiAhIChhP13Z11EkshxiqVzHaKmYW5qus5rwnpErB+6bUR8z6DV\/QLbTAaVNmJy8v8KcZxo4tpt2J08TFqDAbCSnHPIxn0+Jz8+2oIb8QKfdT5eyR+7X0n2N7MpHCl1eL4gMqPzP5UoTT4ZttQnqfJolQdhSmlMPsnatJ9D\/AHjHOiWgOOPDahO71Omb1CsNN4UdE6AjNZioykJHMhsfofUen6tAnSy\/X7JrD0uDU3qLU0j+TzWjtW2rkd+cd\/2ap6uLnSI3"} @@ -496,10 +539,12 @@ 02346{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1236,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353197951316,"flow_src_last_pkt_time":1467353197951316,"flow_dst_last_pkt_time":1467353197951316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353197951316,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.iqiyi.com","http": {"url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=14.1&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&isdm=0&islocal=0&kv=10.0.0.293&lang=&memphy=67&memvir=121&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=2&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=23987&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353197&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db&msg=MXw0fAdQAFIDUgFRSAB6dwNkBQJmfXV3dnlhYnlIBXTVxy4aOL0AdC6QWRaDSKB1coddi1OrtiAzNf3H8peCv1L%2FR2%2B6TYFDUzmIp9ooS%2FsqQ0NthJKT3AHtCJH6JaKHd1KdpL6pERym0J3ANQlVS9nAlwll6r%2B3LW9imuGwfh4%3D","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_src_last_pkt_time":1467353197951570,"flow_dst_last_pkt_time":1467353197951316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1467353197951570,"pkt":"TF4M6gNlABxCjnAxCABFAABuM2xAAIAGDVLAqHMIb84WTcZbAFDJCjUMTd\/tYVAYAQQaAAAAIG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_src_last_pkt_time":1467353197951570,"flow_dst_last_pkt_time":1467353198052905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_usec":1467353198052905,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0gHZAADMGDQJvzhZNwKhzCABQxltN3+1hyQo1UlAYACMO1AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} +02369{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1238,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353197951316,"flow_src_last_pkt_time":1467353197951570,"flow_dst_last_pkt_time":1467353198052905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":140,"midstream":1,"thread_ts_usec":1467353198052905,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.iqiyi.com","http": {"url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=14.1&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&isdm=0&islocal=0&kv=10.0.0.293&lang=&memphy=67&memvir=121&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=2&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=23987&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353197&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db&msg=MXw0fAdQAFIDUgFRSAB6dwNkBQJmfXV3dnlhYnlIBXTVxy4aOL0AdC6QWRaDSKB1coddi1OrtiAzNf3H8peCv1L%2FR2%2B6TYFDUzmIp9ooS%2FsqQ0NthJKT3AHtCJH6JaKHd1KdpL6pERym0J3ANQlVS9nAlwll6r%2B3LW9imuGwfh4%3D","code":200,"content_type":"text\/html","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353198532645,"flow_src_last_pkt_time":1467353198532645,"flow_dst_last_pkt_time":1467353198532645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353198532645,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":1467353198532645,"flow_dst_last_pkt_time":1467353198532645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_usec":1467353198532645,"pkt":"TF4M6gNlABxCjnAxCABFAAEhM5pAAIAGSV3AqHMI3xpqFMZcAFDCryK2CgBK\/VAYAQQ7tAAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMi5qcGc\/bm89MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} 01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1239,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353198532645,"flow_src_last_pkt_time":1467353198532645,"flow_dst_last_pkt_time":1467353198532645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353198532645,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"preimage1.qiyipic.com","http": {"url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_2.jpg?no=2","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 02242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_src_last_pkt_time":1467353198532645,"flow_dst_last_pkt_time":1467353198595498,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353198595498,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJVAADgGwG\/fGmoUwKhzCABQxlwKAEr9wq8jr1AQAB\/+YwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozOCBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDY4MDQ1Mw0KQ29ubmVjdGlvbjogY2xvc2UNCkV4cGlyZXM6IEZyaSwgMDUgTWF5IDIwMTcgMTc6MzU6NTYgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNSBNYXkgMjAxNiAxNjoyMzo1NSBHTVQNClgtQ2FjaGU6IGZyb20gMTI3LjAuMC4xDQpBZ2U6IDQ4ODM0NDINClZpYTogaHR0cC8xLjEgUVRTIChRVFMgW2NIcyBmIF0pDQpYLUNhY2hlOiBmcm9tIDEwLjIyMS4zMi4yMTYNClgtQ2FjaGU6IE1JU1MgZnJvbSAyMjMuMjYuMTA2LjIwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU\/9sAQwEDBAQFBAUJBQUJFA0LDRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU\/\/4AC3FpeWkxLjAuM\/\/AABEIA4QGQAMBIgACEQEDEQH\/xAAeAAACAwADAQEBAAAAAAAAAAAGBwQFCAIDCQABCv\/EAG8QAAEDAwMCBAMEBAgGDQUCHwECAwQFBhEAEiEHMQgTIkEUUWEVMnGBI0KRoQkWJFJyscHRJTNigsPwFyY0Q3OSssLE0tTh8TVThqKz0xg2RGODhIWTo6S0J1RkdHWURnYZN0VVVmVmlZbF4tUp\/8QAHQEAAgMBAQEBAQAAAAAAAAAABQYDBAcCAQgACf\/EAEcRAAIBAwMBBgMGAwcEAQMCBwECAwAEEQUSITEGEyJBUWEUcYEjMpGhsdEVweEHJDNCUmLwFiVy8SY0Q1NzNYKyosJjg9L\/2gAMAwEAAhEDEQA\/APMptJVH130SjzK1ODEJhT7nfaPYfU\/36sLbZpa5kcVlcxmmZPnLp7aFPYwcbQogZzjufnpudML6tTppWVy7NuK4oNWd+7OqUFmN5GAcbVNvOHnPOQB9dazqvexW8bxLlgK902GK6uRDM20HzpX9Quk14dJ6+mm3hbs635Lw8xn4xrah5PHqbX91wcpyUk9+dVO39FrVXio8T1teJOo0iFdEycw1Qk4p82j0xuVIUFNoS8h5S32knctsODaDjdjSXTR+mhR\/8EV3\/wCdb0Q\/9O132ZlLRu0gOSfSoNQiW2mMQOflzSwqSfu64U5Pq0xp1E6YHG+6LuT\/AOjUX\/t+umJROmSVei6rsV+Nsxv+36hlUfxbf5VSDjZ0oKmp\/Qq120RP8lV+OjiVR+nKm1brouhH\/ozGP\/T9fU2j9O0x1eXdVzrTnv8AxYj8f\/R+j\/fKmqCTB+6fKoi+UxQFTU+pz8TqJKZP2n+f9+mRBo\/Tncry7suVfJ\/\/AAYYH\/T9R36H02+L3Ku250q+"} +01176{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1240,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353198532645,"flow_src_last_pkt_time":1467353198532645,"flow_dst_last_pkt_time":1467353198595498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":1260,"midstream":1,"thread_ts_usec":1467353198595498,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"preimage1.qiyipic.com","http": {"url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_2.jpg?no=2","code":200,"content_type":"image\/jpeg","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 02251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_src_last_pkt_time":1467353198532645,"flow_dst_last_pkt_time":1467353198595505,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353198595505,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJZAADgGwG7fGmoUwKhzCABQxlwKAE\/pwq8jr1AQAB8TPwAAQtiP\/X8fofczLJZRL\/v\/AJ10rgMaH2Gf0Z1VVRnTPjUywEtnbclzqH\/4txv+36rp9H6bKz5tz3WP6Nsxj\/0\/TXrE0cmn7QD09DVaNjvoBpjfp1znU2VIcOxhxTO3cpxDZUEjnvgfQ9\/kdMGm0bpqlI2XLdrn\/o5FH\/T9HQ6yUG2uklRsGHVriXDly3XBJfo0UFplaUZbSBKJGVpWo+rH6Q8ZJ0lao8w0NVtwc5GeOMfOiVqYmnxKcCg6odBbrtWm0V+ox2Gm6o0XGFCU2spISpRQ4kEqaWEDdtWEn8+Nc5fQi6E7EFMNCluIaAMtGQpRwnPJ4ORydHnUzrNSes\/2KupyKzGZp0NDO+PSY6nZDqRtLrizKHcfvJ1Uzn6DNoUaGmnXP5aWkJakx7dYSp1KVbgorEkhWT3Iz31Qgve0ENiqumF8sjyo+kejk5Lkmq1fhC6hU9DqlM0xzccFLc9ClcKAPGP8odtLOv2vPs6vzKPUUoTMiq2u+UrekH6Ht+zTeVVqHU0T0NWpcm6WzjezbzSVoHqTvQQ7nPqwT+3Vr0XtGkXqK5FtuDc9TktNIVML8unxEoQd4QEl1RGSQc89wNRaRfTWzCa7P2a+f1qneLaFMW2S1Z3nt418lHoT+Gtf0\/wxVG94D1sU62a09IhOtMeWu5qQlYdU0h0cc7glDyCvafzJ1lao0ldLnTYT6C29FecYcRuC9qkKKVDI4OCDyANaFpeo2mrXEq27ZIFBGR41BcYodQCY6tSKJSJlZnCPBjqfe+8Up9h+P9+rC3GqUufH+2lzG6Zk+caelCnsYONoUQO+O5+em50yvu0umdZVMs64rip1Wd5TOqMNmP5GAcbVNuuHnPO4AfXSjqxlggSSJcsBRTTYYrq5EMzbQfOlb1E6TXh0kryKbeFuz7flPArZ+MaKUPp49Ta\/uuD1J5ST351UJb9OtW+KrxO2z4lKjR4d0TZzTVCTtp02jU5qTIUFtoS8l5a32knctsLG1JxuxnSURR+mpSn\/AA\/d6f8A5QxD\/wBN1x2ZlLJIzqck+lQ6hCLeXuwQcenNLCop241wgJ3uaZU2i9MDjfct3J\/9HIh\/6frpi0bpilz0XPdh\/G2ov\/b9cygfxbd5VSD+DFA0xH6PUijJ\/krn46NplG6cKbO66LpH4WzGP\/T9cqZSOnaWHPKue6Fc\/wD7Mxh\/0\/R8TKmqB8H7p8jUJbKYoCpbf6RzPz\/t1Ekt\/wCESPqNMaDRunO9zy7nuhfz\/wBrMf8A7frpfofTb4w7rqugOZ7fxZjH9\/x+hlzMr2US\/wC\/+ddK\/iPFDjDPp1VVNs86aLFM6fBO1Nx3Qf8A0cjf9v1XzaN02P8Ajbmuwf0bai\/9v026vPFLp+1c9PQ1DGWDcil9SmztPOu6bTZMhYUhhxTIG5TiW1KCRz3wD\/qNHtOpHTNI\/RXDdzv\/AKOxU\/8ATjo5HWShW10lqVgw6ncTkOXLecTJk0mNlthaEZbAEknJWlajzj1n3J0l6o8x0RVtwc5GeOMfOiFr3bT4mOBQhUOgl1WpTaK\/UY0dpuqtFxgolNrUkhKlFDiAoqaVtGcLA\/brnK6FXQnCFIhoUtxLQCpSM7lHCQRk98jv20ddTes1M60fYqqm9WIrNOhts741LjqdkOgbS64syR3H7yc6qZ0mhzKDFi\/ZdylkMIQ1"} 02244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":4,"flow_src_last_pkt_time":1467353198532645,"flow_dst_last_pkt_time":1467353198595506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353198595506,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJdAADgGwG3fGmoUwKhzCABQxlwKAFTVwq8jr1AQAB8\/CgAAIjUFhKnUpVu3bhIO4n5\/XQ2C+7QQ2CrLHhfIkeVMSRaO3VyTVerwg9Q6e06tbNMXkkbW56FK4ODx79wePbS0r1rT7Nr8yjVFKUzIq\/Ld8pW9OfoexGm8qsUKqMzm2LSuQqlM7cs2+0lTYG5O9GHDzleM\/PGrXotaVGvZNbi27TboqkpptBmebNgQ0oSrelO0unGThXv3A1xpGoT2zCa8x3a+f1qpepad3i3yWrO04YUNfIQdg1sGn+GWpXtCetam2rWn34LzTHluXTSEL81TSXRwEncEoeQVbTx8ydZUnUtdKqE2C62UPRnlsLQVBe1SVFKhkDBxg860LStRtNXuJVt2yQKAujxgFxihp4ZCQDqzoNGl1l8sQmVSHsZKU+31P013UdqlLqUT7acmM0vnz1wW0reAwcbErKQTnHcjTg6XXxa3TWqqmWdcdwwqo7ymoVGAzF8jAVjapt908lXO4Acd9J13JLZs0kCbmx0orp0MV1cLDM21T50ruonSe8ek9dRTbwt2db8p0b2fi2tqH08eptf3XE8p5ST351UIbOtV+KvxPWz4lKlRodzz5sdmggJp8+j0tqXIUFNoS8l5S5DSfUtsODaDjdjOkmmi9Nsem5Lt\/O3Iv\/btcdmpS6yPIuCT6VBqEQtpTEDnHpzSzqDfqTrqhJ\/TaY06i9NCr1XTdSP\/AEZjH\/p+o8aidNkuei7LoP8A6MR\/+36r3AH8T3e9UxJ4aCZ6fSNTac3\/ACE6L5tE6c7Ruuu5kf8AozH\/AO36lQaP0\/TF2puq5Cn+d\/Flj\/t2j1pKItSkf1X0qPf4KX1MTucc\/HUOW3\/Lz+I0yIND6cpU5tu25D\/6Ms\/9u10yqD04+K3Ku65N383+LLP\/AG7Q+5lD2Ea\/7v510sniNDkZn9HqpqbfqOmcxTbAbTtTc9yn\/wBGo4\/6fqBPovTped91XSn\/ANGY\/wD2\/TXrE0UmnBVB6DyNQxsd5JoAp7PpTrul0uVIcBbZcWzjcpxDZUEjnk4H0P7Do5g0jp23nZc90L\/9HI3\/AG\/TAjdY6DbnSCo2DErFwuQ5ct1xMl6jRwWmFpRltKRKJGVpWo+rHrPuTpN1RpRo6rbjnjPHlV62MTTfanAoOqHQC67Sp9FfqLEdpuqtKcY2SmllJCVLKHEg5aUEjOFgH8+Nc5PQi6EbUKRDQ4txLQCpaMhROE5598jvo56pdcKL1rVRlVGVWojdPiIZKmKPHU7IdHpLi1mWM5H07k6rJcm359DixPgLnDSGkIbkxraYSt1KVbt28SjuJ9zz30KtL7XIbFVKAL6kUwpHpJ+8xJqD\/wC9D6hU0uOus0txOSNrc9ClZBx2xk9x2+ulfdFrTrPuKbSKilAmRF7HQ0rekH6H3\/HThNYoNXMyOxatyKcmM7Qpu3WkqRjcnen9MefXyfnj3OrXo9ZlGvIVqLbcK6KnMaaQZhefp8RCEneEhJdcIyfVnnuBqTTb+4gi33RHdqetVLuO02f3fJas6Sk\/ou+voyDs1sSleGKo3vTX7Up1t1x5+C80x5a7hpCVl1TSXQMZO4JQ62VbScdsnWTpdLcpU+dCfSWnor62HEFYXtKFFKhkcHGO408adqdrqt2y27ZKrzQFo3jXxDFfW63myLmPzeht\/tU4f+bqpYo064a3JjwGFSHStSsJ4AGT3P8AedX9"} 02244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":5,"flow_src_last_pkt_time":1467353198532645,"flow_dst_last_pkt_time":1467353198595507,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353198595507,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJhAADgGwGzfGmoUwKhzCABQxlwKAFnBwq8jr1AQAB\/qogAArN5s6sp\/nVWno\/amSf7NEvQPqeenNyVCbHqjlCqT2FRqi1wppQKuM44B3fhxrP8AV2aOzjKj\/mTRjTLeO5uu6lbaD5\/ShHqN0lvLpHVkU28bdn29LcTuZ+MaKW308eptz7rgGU5KSRyNCHJ7DnWp\/G74qh4jZVvxFJjSUUPKY01CD5wSpptLiVrB2r3rRv4HpzgE86y8lPpOl6BjMucV7dQi3lMYOfzrrCNyddjae+pERsKSvX75Y3N\/U6LLaHar\/wDOtD93UV+voPl\/s1xQ2fhVasJjO1lSvw10xm90NzR+e123ewD\/AC1CG8OajBo+S0r2J12xo+Z7idSA2VRY6v8A4pjXbEQG6q4gkJPy99S21r44t44yP0r8SdpxUSWnypSPx1xqOXHWtdtVQRNT89fktsJkMc\/LVq5RszxgcblrhT0NdcyPta3a+jUeS8hDrbS1skblLQ2pQQOeTgfT92p9RZxF3aZNrdcKnQejMzp2006tuVKdd+JU4nDTLiUZbQMZ5UlZPqx61e5OhGtWNwtwotRluKt2Zjc\/anAqsr\/hzuy24NElTo8ZpurNFbP8qbUUkJKylxIJU0vaM4WBnUZXh0u9taQpEBtS3EtAKmIyFE4GRngHI0T9YPEJVOsK6OmdAbhimRUMKUhYU5IdSMF1a8ZJI\/rOhiZdlbqNFiQkWmfJ8lDbUuPDWFvISrO7cB6iexVz30oXUOo20Qe5UDJpmij0th98k0RyvBt1Fht7ls0tZyRhFQQpXBGeP84HjSpue1ahZFzSaPUUtidCXhwNK3pBHyI7jR8\/dldqbc1prp+lKpjG1JZp7m5AG5PmJIHf1Yz8\/rqV0Ssq9Opi7ji2lSo9RdRGT8UZU1uNsSpK0pALigMk59xyBri1uGVw8zAKMZqndR2oT+753VQ+UW6l1PRt+7HX+WJ7Gu20mtnTXePvLriT\/wDM47h\/52tGUDwo9W+oCL4tyl0OmOSA21FS2utxQ4t9RjSVAJ387WlpKiOBwOTpC0qkyaFasamTUBEmNW6k08gEKAcajNhQyPkSec60LTby2urjEDglVbp7mluRGRTvGOlLJ1POrSi0eXWD8PDjqfexnaPb6k\/3676NGpi6zHFbfmR6Xz5ztPZQ68Bg7diFqSDk47kfjpydNL1tbprVTOs25bhiVVztPqNNYhhjAP3FtvunnPuANXrx5rQSvAm5sdKI6dBFdXCQzNtU+dKe\/Ok149JK83Tbxt2fb8l0b2fjGilD6ePU24PS4OU8pJ7jVPs1rLxQ+Jy2PExUqPDumpT4jdCSE06bR6S1MfUlbaEvJeWuSyn1LbCxtScbsZ0kfsLpp+rdN2f59sxv+36r9mZS1szSKc59Kh1CMW0xjznHpzSrnIPma4wknzNMabQOmanDuu+6Ef8AotHP\/T9dUWgdNUr9F5XMfwtVn\/t+hLgfxMt71WV8rQHPT21YQU\/4P\/LRlMoHTdSRvvO4Ufja7X\/btd8Wi9PkxNqbwr5bx95VsNj\/AKbpgtJRFqEr+q1GxytL6mJ+\/wDnqFJb\/l35jTJh0Dp5lWy8q8r\/ANGGx\/03XQ7bnTn4rcq86+FfL+K7f\/bdULmUSWMS+jVIG8RoajMHyzqtqbZCtM5ij9P0t+m67gP\/AKMtf9u1WVGidOlffu25R+FsM\/8AbtNerTxyadtXOceh"} @@ -507,6 +552,7 @@ 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":5,"flow_src_last_pkt_time":1467353199193666,"flow_dst_last_pkt_time":1467353187172929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353199193666,"pkt":"AQBef\/\/6jHNut5ODCABFAAChArUAAAERANnAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1246,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1467353152692906,"flow_src_last_pkt_time":1467353167734702,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":798,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353199193666,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_src_last_pkt_time":1467353196348641,"flow_dst_last_pkt_time":1467353199417673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1467353199417673,"pkt":"ABxCjnAxTF4M6gNlCABFAAEF4D5AADEGSkB7fW9GwKhzCABQxlcB794psg4Z21AYPLiOgAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFRlbmdpbmUNCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MDY6MzggR01UDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDI5DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCg0KeyJkYXRhIjp0cnVlLCJjb2RlIjoiQTAwMDAwIn0="} +01263{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1246,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353196348641,"flow_src_last_pkt_time":1467353196348641,"flow_dst_last_pkt_time":1467353199417673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":221,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":221,"midstream":1,"thread_ts_usec":1467353199417673,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"nl.rcd.iqiyi.com","http": {"url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":200,"content_type":"text\/plain","user_agent":"Qiyi List Client PC 5.2.15.2240"}}} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":5,"flow_src_last_pkt_time":1467353200142502,"flow_dst_last_pkt_time":1467353197131515,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353200142502,"pkt":"AQBef\/\/6dNArkea6CABFAAChdIcAAAERISHAqHMB7\/\/\/+scBB2wAjWbYTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353200271229,"flow_src_last_pkt_time":1467353200271229,"flow_dst_last_pkt_time":1467353200271229,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353200271229,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":1467353200271229,"flow_dst_last_pkt_time":1467353200271229,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_usec":1467353200271229,"pkt":"TF4M6gNlABxCjnAxCABFAAEhNFdAAIAGSKDAqHMI3xpqFMZdAFCAFVM2Sak8SVAYAQQb1wAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMy5qcGc\/bm89MyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} @@ -561,8 +607,8 @@ 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191604276,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1467353196856069,"flow_src_last_pkt_time":1467353196856069,"flow_dst_last_pkt_time":1467353196947855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":11340,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1467353198532645,"flow_src_last_pkt_time":1467353198532645,"flow_dst_last_pkt_time":1467353198595507,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":5040,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} -00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353200271229,"flow_src_last_pkt_time":1467353200271229,"flow_dst_last_pkt_time":1467353200271229,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353190168494,"flow_src_last_pkt_time":1467353190235492,"flow_dst_last_pkt_time":1467353190168494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353200271229,"flow_src_last_pkt_time":1467353200271229,"flow_dst_last_pkt_time":1467353200271229,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} +01303{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353190168494,"flow_src_last_pkt_time":1467353190235492,"flow_dst_last_pkt_time":1467353190168494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00877{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":229,"flow_dst_packets_processed":109,"flow_first_seen":1467353136439181,"flow_src_last_pkt_time":1467353136982489,"flow_dst_last_pkt_time":1467353136979493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":8473,"flow_dst_tot_l4_payload_len":116085,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.42.0.158","src_port":22793,"dst_port":7716,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":229,"flow_dst_packets_processed":109,"flow_first_seen":1467353136439181,"flow_src_last_pkt_time":1467353136982489,"flow_dst_last_pkt_time":1467353136979493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":8473,"flow_dst_tot_l4_payload_len":116085,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.42.0.158","src_port":22793,"dst_port":7716,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1467353187172929,"flow_src_last_pkt_time":1467353202194334,"flow_dst_last_pkt_time":1467353187172929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":798,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} @@ -588,15 +634,15 @@ 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353147705460,"flow_src_last_pkt_time":1467353147705460,"flow_dst_last_pkt_time":1467353147794494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":363,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":363,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":363,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353147927208,"flow_src_last_pkt_time":1467353147927208,"flow_dst_last_pkt_time":1467353148016498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":568,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353150114018,"flow_src_last_pkt_time":1467353150114018,"flow_dst_last_pkt_time":1467353150272483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":893,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":893,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":893,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} -00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353155790340,"flow_src_last_pkt_time":1467353155790340,"flow_dst_last_pkt_time":1467353155790340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353155790340,"flow_src_last_pkt_time":1467353155790340,"flow_dst_last_pkt_time":1467353155790340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353157468345,"flow_src_last_pkt_time":1467353157468345,"flow_dst_last_pkt_time":1467353157533198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1467353165300743,"flow_src_last_pkt_time":1467353165733979,"flow_dst_last_pkt_time":1467353165845483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":898,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":2682,"flow_dst_tot_l4_payload_len":435,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353172912736,"flow_src_last_pkt_time":1467353180202498,"flow_dst_last_pkt_time":1467353173018400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":893,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":1785,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353180357764,"flow_src_last_pkt_time":1467353180357764,"flow_dst_last_pkt_time":1467353180443128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":893,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":893,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":893,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353185940061,"flow_src_last_pkt_time":1467353185940061,"flow_dst_last_pkt_time":1467353186002895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} -00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353189363217,"flow_src_last_pkt_time":1467353189363217,"flow_dst_last_pkt_time":1467353189363217,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190110976,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":302,"flow_src_tot_l4_payload_len":2737,"flow_dst_tot_l4_payload_len":302,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353189363217,"flow_src_last_pkt_time":1467353189363217,"flow_dst_last_pkt_time":1467353189363217,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} +01303{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190110976,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":302,"flow_src_tot_l4_payload_len":2737,"flow_dst_tot_l4_payload_len":302,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":33,"category":"Cybersecurity"}} 00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834770,"flow_src_last_pkt_time":1467353136835528,"flow_dst_last_pkt_time":1467353136834770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834770,"flow_src_last_pkt_time":1467353136835528,"flow_dst_last_pkt_time":1467353136834770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00877{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":34,"flow_dst_packets_processed":11,"flow_first_seen":1467353136440165,"flow_src_last_pkt_time":1467353136952179,"flow_dst_last_pkt_time":1467353136908132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":1258,"flow_dst_tot_l4_payload_len":11715,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -604,7 +650,7 @@ 00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833940,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136833940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833940,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136833940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353138931591,"flow_src_last_pkt_time":1467353138931591,"flow_dst_last_pkt_time":1467353139050485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":653,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":653,"flow_dst_max_l4_payload_len":690,"flow_src_tot_l4_payload_len":653,"flow_dst_tot_l4_payload_len":690,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} +00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353165563016,"flow_src_last_pkt_time":1467353165563016,"flow_dst_last_pkt_time":1467353165659884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":950,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":950,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":950,"flow_dst_tot_l4_payload_len":187,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353144819974,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144913514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":390,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":390,"flow_dst_max_l4_payload_len":229,"flow_src_tot_l4_payload_len":390,"flow_dst_tot_l4_payload_len":229,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834125,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -629,19 +675,19 @@ 00868{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353136483217,"flow_src_last_pkt_time":1467353136483217,"flow_dst_last_pkt_time":1467353136483605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353136483217,"flow_src_last_pkt_time":1467353136483217,"flow_dst_last_pkt_time":1467353136483605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1467353189820488,"flow_src_last_pkt_time":1467353201861524,"flow_dst_last_pkt_time":1467353189820488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":665,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} -01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} +00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} +00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834375,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834375,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} -01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} +00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} +00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1467353180830424,"flow_src_last_pkt_time":1467353195837489,"flow_dst_last_pkt_time":1467353180830424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837248,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837248,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837135,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837135,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191538427,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191606497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144633895,"flow_src_last_pkt_time":1467353144633895,"flow_dst_last_pkt_time":1467353144633895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":293,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01191{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144633895,"flow_src_last_pkt_time":1467353144633895,"flow_dst_last_pkt_time":1467353144633895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":293,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353196441555,"flow_src_last_pkt_time":1467353196441555,"flow_dst_last_pkt_time":1467353196535461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":340,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":340,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":140,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353196740386,"flow_src_last_pkt_time":1467353196740386,"flow_dst_last_pkt_time":1467353196835349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":140,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353197951316,"flow_src_last_pkt_time":1467353197951570,"flow_dst_last_pkt_time":1467353198052905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":140,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} @@ -658,7 +704,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1467353189784236,"flow_src_last_pkt_time":1467353196145488,"flow_dst_last_pkt_time":1467353189784236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":511,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8571,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833715,"flow_src_last_pkt_time":1467353136834565,"flow_dst_last_pkt_time":1467353136833715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833715,"flow_src_last_pkt_time":1467353136834565,"flow_dst_last_pkt_time":1467353136833715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-payload-len":490303,"total-not-detected-flows":29,"total-guessed-flows":2,"total-detected-flows":76,"total-detection-updates":9,"total-updates":35,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":661,"global_ts_usec":1467353203157237} +00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-payload-len":490303,"total-not-detected-flows":29,"total-guessed-flows":2,"total-detected-flows":76,"total-detection-updates":55,"total-updates":35,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":707,"global_ts_usec":1467353203157237} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1261/1261 ~~ skipped flows.............: 0 @@ -667,10 +713,10 @@ ~~ total active/idle flows...: 107/107 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 11782531 bytes -~~ total memory freed........: 11782531 bytes -~~ total allocations/frees...: 220154/220154 +~~ total memory allocated....: 11803080 bytes +~~ total memory freed........: 11803080 bytes +~~ total allocations/frees...: 220899/220899 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars -~~ json string max len.......: 2351 chars -~~ json string avg len.......: 1439 chars +~~ json string max len.......: 2374 chars +~~ json string avg len.......: 1450 chars |