Diffstat (limited to 'test/results/default/pps.pcap.out')
-rw-r--r--test/results/default/pps.pcap.out56
1 files changed, 28 insertions, 28 deletions
diff --git a/test/results/default/pps.pcap.out b/test/results/default/pps.pcap.out
index e3f2685e6..e79ea255f 100644
--- a/test/results/default/pps.pcap.out
+++ b/test/results/default/pps.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1467353136432546}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1467353136432546}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136432546,"flow_src_last_pkt_time":1467353136432546,"flow_dst_last_pkt_time":1467353136432546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1065,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136432546,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
01954{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136432546,"flow_dst_last_pkt_time":1467353136432546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"thread_ts_usec":1467353136432546,"pkt":"ABxCjnAxTF4M6gNlCABFAARFnt8AAHkRY4kBrQXiwKhzCFhsWQkEMf8ywISVs7ORwenTFHKVo6On5uSI0FSEcN6hpKSkpNyhoaGhoaGhpZUqLaxIFnIc1o9j1V\/jBxJYgTJzuNolbzVZ0R0xZInD9kisn9RUmqrxmfaOfWLidBLnlikkHNGned0J8w\/52jjY0bi7jWD1Ne30q1o07ZUYUv\/QbvJH0F4eDOmx08v7Bn20GVMFMCjodWpNTNXJ2SexjrFeI6FN4QYXCHMojb7c\/PEThAYazMCmu0O\/roaBRseEPs6rkTe8cp9cAvQ\/n5mjopI2U8mnsMzLdAnslhYT0HUp9qJVwLrEv01esKN2ht\/bwWWVF5TQquAB9v7Wt6e2OQ8vuih+Atb\/n4iLmHyAs8+DFzXEuSUKcpvamkMM7UM6hef8q9KNvY9qWQR1Tk9ycKmbR0smL1JeXfm85kJMbN\/EYgsXVxKaRK2Rv1yY1dyGePuc3UEjPL+KzMtadixFRQ2hL7UpDi17vDigTJ7AYF91J2Ja6BY8r45GbA0qcKjT\/2PMj0bcxGB5DZVExfvPgmT3pnLIXAIQCOuPxcK1euFQEq3Apr\/U+RUfsQg\/rkRxZFaG23hIOWdbuHAYWf162Ln84BIDQyIvmVPxm8HZfjSFxo5lT3SAnYhEraONvTPmIXSleQ0yKdGJXnTmaDvKNiI7tvMq4Ue8NItBFyrpaz\/ey7wisHK9g6RaTXC2Chi58N03IkAUbldcXIkAS5oXnhiCl8IRbYlSyiMzSearcyriLmt1A2oCZsMGjLI+Vg\/QQvFWKc8MUtJXDD\/3\/zP8XOVOsXbwqPjP0oQ7zs+cPcwh\/zsX++z5sEE67YjR9MZx16gb1c6v0nV6LooYTawJrbu4mQmfFZzBirmdYpVDc4DqSieyA3bfOctfLgZnR3dYSCqNYYEecOcnZB43DJPn8EapO45onRSmMzS98N7TjaXmivBMLMEYQUMWDdAQR+RohVRWZ8yz03QldhdX5BlmxjsyF+QH4XhdR0TNLGfQpBdbvPuC7brPT34pQ\/bB6DZ6ODmbu+A2bFlwaKRZQmJpDJEqSpl\/j8OazBmvo4z1ZZoiN2qDNKYSKtk5sX2V4oom7Mnsk9hlp\/P7QgLEBpxQ6BCZB+MVDHR5MiRiLZDeVw70iySjxEYrchS3jdcNstavegpWpk9whZhUojqFPGvCcQT6tmKjbQIj5Hu8ksUMNE+8BTHM8uZtK\/5DEb5Sp8gJi14\/rPknXLsL1+u4QhASTCXJWfbflBR6pE5s+QTIeXdrRWYqM9thmBhP+C3ZF+iPYB\/m3bwwcBgmvlLrzojH5FQZ4K8lHE7ijUN9HVDnNUbnZc73qehkk0VqLJlMqTyl7jKytXnNXEqS0p7S2OdJ0s12tQ48KCHUsQqmAui3sLr0tFku+q\/\/8h3kbG7OZisKcU6BzQvEtOBdMqyPELwAAAAA"}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1467353136432546,"flow_dst_last_pkt_time":1467353136432852,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1467353136432852,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzYAAIARgDbAqHMIAa0F4lkJWGwALVw+2oCeu7uZyeHbHHqdq6urqq6n\/nt+fn5+wr+\/v7+\/v7+7W6Rb\/w=="}
@@ -237,7 +237,7 @@
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353152692906,"flow_src_last_pkt_time":1467353152692906,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353152692906,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1467353152692906,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353152692906,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLGwAAAER1wTAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353152692906,"flow_src_last_pkt_time":1467353152692906,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353152692906,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
-01405{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":1,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353152590330,"flow_dst_last_pkt_time":1467353152945958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":8367,"flow_dst_tot_l4_payload_len":1260,"midstream":1,"thread_ts_usec":1467353152945958,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"bcu.ff.avast.com","http": {"url":"bcu.ff.avast.com\/bc2","code":200,"content_type":"application\/octet-stream","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}","request_content_type":"application\/x-enc"}}}
+01533{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":1,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353152590330,"flow_dst_last_pkt_time":1467353152945958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":8367,"flow_dst_tot_l4_payload_len":1260,"midstream":1,"thread_ts_usec":1467353152945958,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"bcu.ff.avast.com","http": {"url":"bcu.ff.avast.com\/bc2","code":200,"content_type":"application\/octet-stream","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}","request_content_type":"application\/x-enc"}}}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1467353155693528,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353155693528,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLG0AAAER1wPAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353155790340,"flow_src_last_pkt_time":1467353155790340,"flow_dst_last_pkt_time":1467353155790340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353155790340,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1467353155790340,"flow_dst_last_pkt_time":1467353155790340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"thread_ts_usec":1467353155790340,"pkt":"TF4M6gNlABxCjnAxCABFAAKdDjtAAIAG3SfAqHMIymwO28U3AFCNS81scTxdzlAYAQSLywAAR0VUIC9jb3JlP3Q9MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZ0bT0xNSZyYT0xJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNTUmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
@@ -287,7 +287,7 @@
01030{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353157509654,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"thread_ts_usec":1467353159731502,"pkt":"TF4M6gNlABxCjnAxCABFAAGgFhZAAIAGZjTAqHMI3xpqQsU+AFB4823zkD5tZ1AYAQS6ZwAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2Y3JjP2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSZxeWlkPWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnF5cGlkPTIwMTImdXVpZD03NmEzMDg1YS01Nzc2MDg0NC04YiBIVFRQLzEuMQ0KSG9zdDogMjIzLjI2LjEwNi42Ng0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtY24NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEhDRE5DbGllbnRfV0lOUEM7bGliY3VybC83LjI2LjAgT3BlblNTTC8xLjAuMWcgemxpYi8xLjIuNTtRSy8xMC4wLjAuMjkzDQoNCg=="}
01554{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353157509654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353159731502,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"223.26.106.66","http": {"url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}}
01046{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353159746513,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":443,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":443,"pkt_l4_len":409,"thread_ts_usec":1467353159746513,"pkt":"ABxCjnAxTF4M6gNlCABFAAGtzXdAADgG9sXfGmpCwKhzCABQxT6QPm1nePNva1AYACEkXQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU5IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA3Mg0KTGFzdC1Nb2RpZmllZDogU2F0LCAyNSBKdW4gMjAxNiAyMDo0Nzo0OCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI1NzZlZWRmNC00OCINCkV4cGlyZXM6IFNhdCwgMDEgSnVsIDIwMTcgMDY6MDU6NTkgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQoBAAAAjem7lGlyqIWJ0WZ4YikhMAAAAADA8HoAAAAAAJ0fBgCdHwYAAAAgAABAAACfagIAEAAAABkBmvdUqrt6QK4cKbQBDrk="}
-01589{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353159746513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":389,"midstream":1,"thread_ts_usec":1467353159746513,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"223.26.106.66","http": {"url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":200,"content_type":"application\/octet-stream","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}}
+01608{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353159746513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":389,"midstream":1,"thread_ts_usec":1467353159746513,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"223.26.106.66","http": {"url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":200,"content_type":"application\/octet-stream","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353160157492,"flow_src_last_pkt_time":1467353160157492,"flow_dst_last_pkt_time":1467353160157492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353160157492,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1467353160157492,"flow_dst_last_pkt_time":1467353160157492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1467353160157492,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClHaUAAAER5dDAqAUw7\/\/\/+vm6B2wAkVW0TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353160157492,"flow_src_last_pkt_time":1467353160157492,"flow_dst_last_pkt_time":1467353160157492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353160157492,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
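Review bot: The regenerated expectation for flow_id 63 (packet_id 728) drops flow_risk `4` ("Binary App Transfer", severity Severe) and carries `54` ("Binary file/data transfer (attempt)", severity Medium) instead, and nothing visible on this page records that the swap is intentional. The severity label falls from Severe to Medium while the per-risk `risk_score.total` rises from 150 to 500, so a consumer matching on risk id `4` or on severity would stop firing for this flow, whereas one thresholding on score would see it rise. The same replacement appears in the hunk at -407 for flow_id 81, and the hunk at -237 adds risk `54` to flow_id 54. This presumably follows the nDPI bump from `4.9.0-4613-09bb38343` to `4.9.0-4628-142c8f5` shown in the first hunk. If so, the commit message should say it, for example `test results: nDPI risk 4 (Binary App Transfer) replaced by risk 54 (Binary file/data transfer (attempt))`, so that downstream rule authors know to remap.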
@@ -407,7 +407,7 @@
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1467353189325739,"flow_dst_last_pkt_time":1467353189325739,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1467353189325739,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LaNAAIAGT77AqHMI3xpqE8VJAFB9cer6SbS1WFAYQTc4sgAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkZXIuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IERvd25sb2FkZXINCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353189325739,"flow_src_last_pkt_time":1467353189325739,"flow_dst_last_pkt_time":1467353189325739,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353189325739,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":0,"content_type":"","user_agent":"Downloader"}}}
01210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1467353189325739,"flow_dst_last_pkt_time":1467353189328640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_usec":1467353189328640,"pkt":"ABxCjnAxTF4M6gNlCABFAAIolNRAADgGLx3fGmoTwKhzCABQxUlJtLVYfXHrilAYAB9+agAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTcwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjM1OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQphcHA9ZWd1aSxla3JuLG5vZDMya3VpLG5vZDMya3JuDQpjb3VudD0xDQpjMD1Eb3dubG9hZEhlbHBlcg0KW0Rvd25sb2FkZXJdDQpEb3dubG9hZEhlbHBlcj1odHRwOi8vc3RhdGljLnFpeWkuY29tL2V4dC9jb21tb24vcWlzdTIvRG93bmxvYWRIZWxwZXIuZGxsO1N0YXJ0O1FJWUk="}
-01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353189325739,"flow_src_last_pkt_time":1467353189325739,"flow_dst_last_pkt_time":1467353189328640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":512,"midstream":1,"thread_ts_usec":1467353189328640,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":200,"content_type":"application\/octet-stream","user_agent":"Downloader"}}}
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353189325739,"flow_src_last_pkt_time":1467353189325739,"flow_dst_last_pkt_time":1467353189328640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":512,"midstream":1,"thread_ts_usec":1467353189328640,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":200,"content_type":"application\/octet-stream","user_agent":"Downloader"}}}
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_src_last_pkt_time":1467353189360764,"flow_dst_last_pkt_time":1467353189328640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_usec":1467353189360764,"pkt":"TF4M6gNlABxCjnAxCABFAAC8LbBAAIAGT63AqHMI3xpqE8VJAFB9ceuKSbS3WFAYQLejygAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL0Rvd25sb2FkSGVscGVyLmRsbCBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZGVyDQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353189363217,"flow_src_last_pkt_time":1467353189363217,"flow_dst_last_pkt_time":1467353189363217,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353189363217,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1467353189363217,"flow_dst_last_pkt_time":1467353189363217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_usec":1467353189363217,"pkt":"TF4M6gNlABxCjnAxCABFAAOkLbJAAIAGvJjAqHMIymwO7MVIAFBYgFOZMQ8QiVAYQTddVQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODcwNTMmc2g9JnNxPSZzdz0mdD0zcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
@@ -428,7 +428,7 @@
00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190040967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_usec":1467353190040967,"pkt":"TF4M6gNlABxCjnAxCABFAADGLkBAAIAGTxPAqHMI3xpqE8VLAFDaxGl\/7FKS9VAYQTcFigAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkaGVscGVyLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZEhlbHBlcl9ydW54eA0KSG9zdDogc3RhdGljLnFpeWkuY29tDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQo="}
01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190040967,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190040967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190040967,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":0,"content_type":"","user_agent":"DownloadHelper_runxx"}}}
01877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190044867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1063,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1063,"pkt_l4_len":1029,"thread_ts_usec":1467353190044867,"pkt":"ABxCjnAxTF4M6gNlCABFAAQZtrxAADgGC0TfGmoTwKhzCABQxUvsUpL12sRqHVAYAB9YnAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjY3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjMwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQpjb3VudD02DQpjMD1DaGVja0NsaWVudA0KYzE9UVlBZ2VudA0KYzI9bWFzZmxhZw0KYzM9bWFzYXV0bw0KYzQ9bWFzYmxvZw0KYzU9Q29va2llQ2xlYXINCltEb3dubG9hZGVyXQ0KQ2hlY2tDbGllbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9DaGVja0NsaWVudC56aXA7U3RhcnQ7OTdEQzFBMTJCQzMyMkNERjRCQjE5MjNDNEVGMTRFMUINClFZQWdlbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9RWUFnZW50LnppcDtTdGFydEFnZW50OzRDRDQxOTkyNjI5ODBBRjY5RDA3OThEREFBNDJGM0M5DQptYXNmbGFnPWh0dHA6Ly9tYmRhcHAuaXFpeWkuY29tL2ovb3QvbWFzZmxhZy56aXA7U3RhcnQ7RTNGRDlCMjEzMEFCQTIxNTc1QjRGNDk2RDg5Q0FGOTINCm1hc2F1dG89aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9tYXNhdXRvLnppcDtTdGFydDtEMTQ3M0E5Mjg2MjBENjZGMzM0QjI4RUYxRjk0QjA3OA0KbWFzYmxvZz1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L21hc2Jsb2cuemlwO1N0YXJ0O0JGRENCNTM1QzNFRUIwMkZEREI5NjFEMDVBNTIzQjI2DQpDb29raWVDbGVhcj1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L0Nvb2tpZUNsZWFyLnppcDtTdGFydDtGMzlBRDlFOTgzREJCMzA5MkYxQzNDNDIwRjJBNDgyQQ=="}
-01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":798,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190040967,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190044867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1009,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":1009,"midstream":1,"thread_ts_usec":1467353190044867,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":200,"content_type":"application\/octet-stream","user_agent":"DownloadHelper_runxx"}}}
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":798,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190040967,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190044867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1009,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":1009,"midstream":1,"thread_ts_usec":1467353190044867,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":200,"content_type":"application\/octet-stream","user_agent":"DownloadHelper_runxx"}}}
01174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1467353190062486,"flow_dst_last_pkt_time":1467353189784236,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1467353190062486,"pkt":"AQBef\/\/6cBiLE+IdCABFAAILI6kAAAER3nDAqAUm7\/\/\/+gdsB2wB92DxTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQ6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpDYWNoZS1Db250cm9sOm1heC1hZ2U9OTAwDQpTZXJ2ZXI6TWljcm9zb2Z0LVdpbmRvd3MvNi4yIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6MDAyODViYzNjM2JhMjA3MDA3ZTFjM2I3NjIxYzg0NzYNCg0K"}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190110976,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190110976,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353190110976,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kJVAADMGqbHKbA7bwKhzCABQxUpzStvEq5YvP1AYADaqqAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
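Review bot: On the `+` line for flow 85 (packet 798) the expected `flow_risk` entry changes from key `"4"` with `"severity":"Severe"` to key `"54"` with `"severity":"Medium"`, while `risk_score.total` rises from 150 to 500, so severity and score now move in opposite directions for the same flow. Any consumer or alert rule that matches on risk id 4, on the string `Binary App Transfer`, or on severity `Severe` will stop matching these `application/octet-stream` responses without any error. The same substitution appears in the later hunks for flows 88, 90 and 91. It presumably follows the nDPI version change visible in the init event, and the commit message should record it, e.g. `flow_risk 4 (Binary App Transfer) -> 54 (Binary file/data transfer (attempt)), Severe -> Medium`. It is also worth confirming how `risk_score` is derived before accepting a Medium risk that scores higher than the former Severe one.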
@@ -443,7 +443,7 @@
00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190634365,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1467353190634365,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LnBAAIAGTvHAqHMI3xpqE8VMAFCjClS\/APxWfFAYQTf8ogAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL1FZQWdlbnQuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IFFZQWdlbnRfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190634365,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190634365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190634365,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}}
01015{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190638521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"thread_ts_usec":1467353190638521,"pkt":"ABxCjnAxTF4M6gNlCABFAAGWcOxAADgGU5ffGmoTwKhzCABQxUwA\/FZ8owpVT1AYAB8JQAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkV4cGlyZXM6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MzA6MDcgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KWC1DYWNoZTogSElUIGZyb20gMTAuMTIxLjMzLjk3DQpYLUNhY2hlOiBISVQgZnJvbSAyMjMuMjYuMTA2LjE5DQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpbUVlBZ2VudF0NCnY9MA0KcD0xMDANCmU9"}
-01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190634365,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190638521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":366,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":366,"midstream":1,"thread_ts_usec":1467353190638521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":200,"content_type":"application\/octet-stream","user_agent":"QYAgent_runxx"}}}
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190634365,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190638521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":366,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":366,"midstream":1,"thread_ts_usec":1467353190638521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":200,"content_type":"application\/octet-stream","user_agent":"QYAgent_runxx"}}}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190892847,"flow_src_last_pkt_time":1467353190892847,"flow_dst_last_pkt_time":1467353190892847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":109,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190892847,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190892847,"flow_dst_last_pkt_time":1467353190892847,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":1467353190892847,"pkt":"TF4M6gNlABxCjnAxCABFAACVLoRAAIAGUpzAqHMIaibba8VNAFAdei0\/k1iI9FAYQTd0xwAAR0VUIC9jaXR5anNvbiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVlBZ2VudF9ydW54eA0KSG9zdDogaXBsb2NhdGlvbi5nZW8ucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190892847,"flow_src_last_pkt_time":1467353190892847,"flow_dst_last_pkt_time":1467353190892847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":109,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190892847,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"iplocation.geo.qiyi.com","http": {"url":"iplocation.geo.qiyi.com\/cityjson","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}}
@@ -454,12 +454,12 @@
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191500926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1467353191500926,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9BAAIAGTZDAqHMI3xpqFMZOAFCUEYDiYZCIJlAYQTcJ9QAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2ZsYWcuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2ZsYWdfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":811,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191500926,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191500926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191500926,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":0,"content_type":"","user_agent":"masflag_runxx"}}}
01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191505501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":493,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":493,"pkt_l4_len":459,"thread_ts_usec":1467353191505501,"pkt":"ABxCjnAxTF4M6gNlCABFAAHfpuJAADgGHVffGmoUwKhzCABQxk5hkIgmlBGBclAYAB+\/UwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOTgNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkV4cGlyZXM6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MTI6MTAgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KWC1DYWNoZTogSElUIGZyb20gMTAuMTIxLjMzLjk3DQpYLUNhY2hlOiBISVQgZnJvbSAyMjMuMjYuMTA2LjIwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpbbWFzZmxhZ10NCnY9Mg0KcD00MA0KZT2xsb6pL8nPuqMNCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
-01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":812,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191500926,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191505501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":439,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":439,"midstream":1,"thread_ts_usec":1467353191505501,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masflag_runxx"}}}
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":812,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191500926,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191505501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":439,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":439,"midstream":1,"thread_ts_usec":1467353191505501,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masflag_runxx"}}}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191521215,"flow_src_last_pkt_time":1467353191521215,"flow_dst_last_pkt_time":1467353191521215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191521215,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_src_last_pkt_time":1467353191521215,"flow_dst_last_pkt_time":1467353191521215,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1467353191521215,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9RAAIAGTYzAqHMI3xpqFMZPAFCekgJEnvl6klAYQTcvHQAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2F1dG8uaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2F1dG9fcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191521215,"flow_src_last_pkt_time":1467353191521215,"flow_dst_last_pkt_time":1467353191521215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191521215,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":0,"content_type":"","user_agent":"masauto_runxx"}}}
01161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_src_last_pkt_time":1467353191521215,"flow_dst_last_pkt_time":1467353191524481,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"thread_ts_usec":1467353191524481,"pkt":"ABxCjnAxTF4M6gNlCABFAAIAVHFAADgGb6ffGmoUwKhzCABQxk+e+XqSnpIC1FAYAB\/e1QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjUwOjIzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4yMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2F1dG9dDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
-01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":814,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191521215,"flow_src_last_pkt_time":1467353191521215,"flow_dst_last_pkt_time":1467353191524481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353191524481,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masauto_runxx"}}}
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":814,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191521215,"flow_src_last_pkt_time":1467353191521215,"flow_dst_last_pkt_time":1467353191524481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353191524481,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masauto_runxx"}}}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191538427,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191538427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191538427,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191538427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1467353191538427,"pkt":"TF4M6gNlABxCjnAxCABFAAD6L9ZAAIAGlfnAqHMIJG7cD8ZNAFCivUMktEgQ8FAY\/\/DARAAAR0VUIC90bXBzdGF0cy5naWY\/bWV0aG9kPXFpdWJpdGVyJm9zPXdpbmRvd3MtNi4xLjc2MDFfc3AxJnV1aWQ9MzUwQzNGMUFDNzVENDBiYzkwRDYwMkRBNEU2N0E3MkQmc29mdHZlcnNpb249MS4wLjAuMSZzb3VyY2U9cHBzJnRhc2t0eXBlPWdldHRhc2tpbmZvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRSVlpQW5nZW50DQpIb3N0OiBtc2cudmlkZW8ucWl5aS5jb20NCg0K"}
01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":815,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191538427,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191538427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191538427,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"msg.video.qiyi.com","http": {"url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":0,"content_type":"","user_agent":"QIYiAngent"}}}
@@ -472,7 +472,7 @@
00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191606497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353191606497,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5GMJAAC4G\/04kbtwPwKhzCABQxk20SBDwor1D9lAYPLgN5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191538427,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191606497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353191606497,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"msg.video.qiyi.com","http": {"url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":200,"content_type":"image\/gif","user_agent":"QIYiAngent"}}}
01160{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"thread_ts_usec":1467353191608484,"pkt":"ABxCjnAxTF4M6gNlCABFAAIApFFAADgGH8jfGmoTwKhzCABQxlCbtI4lBJ7pcFAYAB996wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2Jsb2ddDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
-01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191604276,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353191608484,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masblog_runxx"}}}
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191604276,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353191608484,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masblog_runxx"}}}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191688041,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191688041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":550,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191688041,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191688041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1467353191688041,"pkt":"TF4M6gNlABxCjnAxCABFAAJOL\/RAAIAGZxbAqHMIZePIC8ZRAFCkQ4vBOJoXClAY\/\/Dn4QAAR0VUIC9jY3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IENvb2tpZUNsZWFyX3J1bnh4DQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25Kc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="}
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191688041,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191688041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":550,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191688041,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"api.cupid.iqiyi.com","http": {"url":"api.cupid.iqiyi.com\/ccs","code":0,"content_type":"","user_agent":"CookieClear_runxx"}}}
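Review bot: The expected risk on flow 93's detection-update (packet 824) changes identity, not just wording: key `"4"` "Binary App Transfer" with severity Severe becomes key `"54"` "Binary file/data transfer (attempt)" with severity Medium. The same swap recurs for flow 107 in the next hunk. A consumer of this event stream that matches on risk id 4, on the old risk string, or on Severe severity would stop firing on this traffic without any error. The mapping deserves a line in the commit description or changelog, for example `flow_risk 4 "Binary App Transfer" (Severe) is now reported as 54 "Binary file/data transfer (attempt)" (Medium)`. The init line of this file shows ndpi_version moving to 4.9.0-4628, which is presumably where the new id comes from.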
@@ -553,16 +553,16 @@
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1467353201861524,"flow_dst_last_pkt_time":1467353189820488,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353201861524,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDlEAAAER9S\/AqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192448,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_usec":1467353202192448,"pkt":"ABxCjnAxTF4M6gNlCABFKADCuCpAADIG5SVN6ikjwKhzCABQwBY\/zyZ9xn1A6VAYAAIAJQAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtY29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQoNCg=="}
-01184{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192448,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}}
+01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192448,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}}
02233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_src_last_pkt_time":1467353202192450,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353202192450,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCtAADIG4NJN6ikjwKhzCABQwBY\/zycXxn1A6VAQAAL1DgAAMjINCgMgCKAEEgH\/MhgIBBDmzNlDGIAKIJuhw6jaKiibocOo2ioNCjllMw0KCuATQVNVIVZQU3oDMAYWRgAAAIAJAACTCQAAeNolVXk01V0bfe51iZApMpZ5zjznco0JmeKSIVNeQzKWkDi4Ggwp6UWG1xCxylQRmd6EyCykZKZ0QwiR4vt933fWOuv8cdbZZ5\/9PPvsM3aGIkkMAEZWqjKV8P\/xCJtSB\/NfKOBwomAIFoTLeF+yLcHOykHRDpzBBXxpwIr2Eh5YEZ6EJCLl8EBQxQO\/OhBpYJqkQwMkvZMEQQA3f4Kc7yWvi\/jwS+HAHykF2jRQpasDRv9DcaOBVd0wDIWCO8DvhxfF8YuBBJwikABIjuCE3RKUjAuHSOCNFAIREAUxUMADmUQDQIgCRPgvVUt9JRlWbNXtK5OpsKHJ8J4LK+EyngYrIxUZVhyAmg4FaJkIoGZU33trc5hjTzGJTtUKB9Mx+T3dfmPXIoQ26EABICX6SsW7hX2KlFgnEwnwoJmVWZtN5T3KOpChrYrh213iQtqdReQAD1v9dk08JJYJFluOWyXS+Qf73GcByDko2exVaBzzKIPoSxuJ8RHb72m1UeUvkD\/v216FhyZVmZihHr7WtrYrgarCACFHcqOl7rTojtTlpFlxAKROdfbFzNGM6rxNqVIdOAHcm\/os5hLXL+tKfHtGi\/HbMZpYdZhMeKP9e3jCaJoGjosfkQ4ZHy19+LLw84guwJwa\/9Ktlu8KY6999xP+Bvj4dedshtyDydKvvvvtpgAl+bo9Df8UGtubKMnkHACwN1E2f0AHkBWdSfPUPXvgqln2dD492SUvokzyVkXQIUBlzVcPHCnc7RZ\/tc8u9KmS7DE4xX62EnoAvc5NZI7V3LhTODiXlfWPiUHKvIWIfwP\/LqADGZnMJDNldpH+uBjbrQapZK+fuOPzW+aAnhW3HhZM585sijetOXliLoa9gCkh9INHCiDXhzXcg\/vpxYIPjRXXRxNKvaI6lu226l8Aivkzy1Ny9ARfXWBlelnoZGwRfmfLmmgZCuiCsz3fuI3zBPjtp6Y5lCjP3ys3qsjmcAREVeoX6HcvcPN3UBngDBwvrmf8LWboGH0E0E1SidB66fcT7RcuptRH0x5\/e5snTfjJ4EFA9CrukkQG\/FZos0p8y8x54czaQvEPHMEPAZX7h0tZs\/DkN\/ReyGJTEQpxaNV6fq6+3gxQd2+SVJO7aPbhn8hRvPDN9bpqNOJ7Zgc7I3K66njSmiFz+dSVFIc2\/1k3fB1jp3XQGqBzSntyXs0dPjnRN5uEu40PrYonyiv7LxhgDJ581+h9hajeR9umb6y\/G1bO8f76fQrKANF5s2vWH3Y1ZL49Vi2gxO84af44zk3gWjsg6clhTdn0aCuv5o1+fJ7HejOvlq9wH7kIM8ZPYWKs58nIykrZmgKpkmDDFgj4
69W6KSD1DorOyspuG9lyxTo4uS39nIpy1TktrmBA\/sRvhvNBg5FmYRnatdE5Od0m5gLOZ70ogIxyF43qD947ySc4pJOCU6qq7JceMxy26QVEyeI0\/lNvcrsugiCyJrtE\/dIvwhSyroxZcyUhkdxI+4ffajndOqztX68qz1fum6uW2EtV17fJf9FTeneF2Mqb71b7Sm6WLVC5O5MxtNRFe86f6Z1f1L29jwXXUVhj"}
-01304{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192450,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192450,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}}
+01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192450,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192450,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}}
02243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1467353202192451,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353202192451,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCxAADIG4NFN6ikjwKhzCABQwBY\/zywDxn1A6VAQAALrNgAALT11Li5gWvs4BXi1xLjmvfKMj0peVQo7lKJXGpIXNwaIVVnV50PDXh\/nhoec299vHndpLUua\/bqpCOjp7McAoWKOkJJNwfqArWbPME9b6btDGVgV0uzbgys3HrUPZGuULZqVvC9cfPh7y1VrCRATr2jIquLGEs7NUuTFUS2\/94Q2D+b6OEydZRO9cPMEkga3a+5FSfXnzkWP45N4tdwDAY3rKF71DNh9qyHNw3zq0kfntg59U62XHN6AJpW5oqhpNP\/KXicl+wTn90pd\/Ux5pxaNuaTtiVisjsDdqJGttkpWFmkIvcN4O3H7Nh+g88QCys9WSrOYR9T1WklqZUIXO2KozevHqrDRk3FhsvxtYk4AY5OTxXPHL2qjoy\/5\/LCO7z9Q0I1UDJ6H3s55a0u\/YyMnFnPMluUDID6DqRJHSb6OUS7lT\/EU7rwQMeL0oaEabUBfFS+XanJaGDL1BZSIyNomFf0DPsUe3djOS8nPpXOhOL\/zzo0NjXvFjylWLV5uSrIEQBYM8WUnB+X2Q2Wcez+wiFByuVMleIMfXAFk2nK\/2ntwKLyC0FBADi6XZL3qNrjHMTQHSC+dvnacGjv84sTgyPra7k8ik3DBtc1vCpiDd8xq36vyCP\/Ys2QYll2fN6Xbf+94Si8B0K0uar09Ty6DviDBYXt5\/8XpJtEJWzUaGUBbbCEtHIzhk3G2p2itRnzSyt10DUes\/e9jLtGO\/lchukfEfGu5+Y3TxFhX7Hv333wv7QEFPFBprU3t6V4dIS250PFtx3UWkJ\/KX1vB3GhaMaxBrDbzvjhV2WKQ\/Nnv8ZBY9VdRfkCLJV\/HblSMFcUwHxo4IG2hrHP6TmVmYZ8nIHO7sPEv51L3RYhnBGODsvT6Nl8\/uUNtzAC0mRAznmk7IsUW9cl71zuY0pjDL21g4bID6MrMuZm1Md9NHvU392TiT0doM\/mcbpr5kwNIJ4xpVq6TbrnGRECU65QT+3b\/mxQ15tdSgLRxavOq35PnNQqYK5ZOBDF9u2L\/jTZsE\/v5\/BjNF7aLpx8Nx9Ddl+8avs92OeLW3xatFRgatYsqSPdDSCWt\/7DKoHeOQNGej+4sPaab2IT40o+lWkNrHHFVKhXd8C8SlbnU3Y75R26q+3sGFS+RyE6QyJ\/9EgUPSerMv2RjAJ0haqzfaWTRZ1ZgTOEuLBSeWyw\/5ab4eQDQi0DSVpRkK9n7z6c0f+4O2vunGdSrnv5FBBQxLbrd8yHz3RejyafRygtcHHU3GotYO\/8AGow33n2mzZuLfvvluwSNjTr7s9+t1mvnBDTAJ\/w70fY1Tmwt8AmO+R4XaV\/P8kj5BSwxsIQ6s44lL2edfFiPzVM2v9TOk+F5lYNtoawNgI43Hns0wnw00qQhKTaOTYk+\/7rXY0Dy57cX2LbiFl0dMrMNwkSmzc5OOQEillNkcjpM
P\/us+nfs+bmsUceWf2FdKzv2OlHy5srMsxLZZ64aGceMbX4ACl2x0Ow5nsH0a2jCfohcp78SJIn9dHE3evNd2nn4FwNTdYtr8pjqtj6OYulAm5wuv5my4xx1pmVWIbK7w519BlDX6tBN7SDWo4cCZLo7HGPFpXlKMdV6PWa68yPUlNYrLHFOnDpF5xk8sJqNdF2omWAwtrP65WUrU3KZ8D62RRrQfwB0KLK2eRd5P3m9hXVnQ6Nq"}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1467353202370500,"pkt":"ABxCjnAxTF4M6gNlCABFKABnuC1AADIG5X1N6ikjwKhzCABQwBY\/zzDvxn1A6VAYAAK2BwAAGHlgf4CvXzDNyxhLrqYUmmf6SBgwHBuCF2rQFuhe9Y1hgbwLb15JZ+tTfmuYp\/S8QVNXU2lnMkINCjANCg0K"}
00932{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":5,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1467353202428117,"pkt":"TF4M6gNlABxCjnAxCABFAAFWNPFAAIAGGfPAqHMITeopI8AWAFDGfUDpP88xLlAYAfC3\/AAAR0VUIC9SL0EzZ0tJRGxqWTJJM09Ea3lNMk5pTVRSbE1UQmlOelJtWkdRM09URTRPRGRoTkRabEVnUUNNQVlXR0tBRUlnSF9LZ2NJQkJEbXpObERLZ2NJQXhDcm5fdEJNZ29JQkJEbXpObERHSUFLT00yUmhGaENJQ3NCNTkzdkt4UTZjVnpBZ0NMX2I5WFdsc0ZRVng3NTRaZ0NIdjFYYVZwMVNJQ0NtQWc9IEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NClByYWdtYTogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkhvc3Q6IHN1LmZmLmF2YXN0LmNvbQ0KDQo="}
-01402{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":897,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":302,"flow_src_tot_l4_payload_len":2737,"flow_dst_tot_l4_payload_len":302,"midstream":1,"thread_ts_usec":1467353202428117,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"su.ff.avast.com","http": {"url":"su.ff.avast.com\/R\/A3gKIDljY2I3ODkyM2NiMTRlMTBiNzRmZGQ3OTE4ODdhNDZlEgQCMAYWGKAEIgH_KgcIBBDmzNlDKgcIAxCrn_tBMgoIBBDmzNlDGIAKOM2RhFhCICsB593vKxQ6cVzAgCL_b9XWlsFQVx754ZgCHv1XaVp1SICCmAg=","code":0,"content_type":"","user_agent":"","request_content_type":"application\/octet-stream"}}}
+01530{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":897,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":302,"flow_src_tot_l4_payload_len":2737,"flow_dst_tot_l4_payload_len":302,"midstream":1,"thread_ts_usec":1467353202428117,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"su.ff.avast.com","http": {"url":"su.ff.avast.com\/R\/A3gKIDljY2I3ODkyM2NiMTRlMTBiNzRmZGQ3OTE4ODdhNDZlEgQCMAYWGKAEIgH_KgcIBBDmzNlDKgcIAxCrn_tBMgoIBBDmzNlDGIAKOM2RhFhCICsB593vKxQ6cVzAgCL_b9XWlsFQVx754ZgCHv1XaVp1SICCmAg=","code":0,"content_type":"","user_agent":"","request_content_type":"application\/octet-stream"}}}
00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834457,"flow_src_last_pkt_time":1467353136834572,"flow_dst_last_pkt_time":1467353136834457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834457,"flow_src_last_pkt_time":1467353136834572,"flow_dst_last_pkt_time":1467353136834457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353164710742,"flow_dst_last_pkt_time":1467353165019943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":10429,"flow_dst_tot_l4_payload_len":14221,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}}
+01346{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353164710742,"flow_dst_last_pkt_time":1467353165019943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":10429,"flow_dst_tot_l4_payload_len":14221,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}}
00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136835111,"flow_src_last_pkt_time":1467353136835529,"flow_dst_last_pkt_time":1467353136835111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136835111,"flow_src_last_pkt_time":1467353136835529,"flow_dst_last_pkt_time":1467353136835111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833392,"flow_src_last_pkt_time":1467353136833582,"flow_dst_last_pkt_time":1467353136833392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
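Review bot: Risk `"54"` now appears on two events that carried no binary-transfer risk before: the final detection-update for flow 107 (packet 897) and the idle event for flow 54. The old expectation for flow 107 had dropped risk `"4"` by that event, although it was set on the two earlier events in this hunk, and flow 54's idle event listed only `"11"` and `"47"`. Both flows are classified `HTTP.Cybersec` with breed `Safe`, so it looks as if the new risk is no longer cleared once the flow is re-classified, or is set by a different condition. Please confirm this is intended before accepting the regenerated output, since these flows would now surface a Medium risk to anything alerting on `flow_risk`. If it is not intended, the two expected lines should keep only `"11"` (plus `"47"` for flow 54).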
@@ -583,10 +583,10 @@
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1467353152692906,"flow_src_last_pkt_time":1467353167734702,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":798,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353156641491,"flow_src_last_pkt_time":1467353156641491,"flow_dst_last_pkt_time":1467353156700500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":1927,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":26,"flow_first_seen":1467353157138270,"flow_src_last_pkt_time":1467353157138270,"flow_dst_last_pkt_time":1467353157157502,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":372,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":372,"flow_dst_tot_l4_payload_len":32468,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353159746513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":389,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1467353189325739,"flow_src_last_pkt_time":1467353189360764,"flow_dst_last_pkt_time":1467353189364461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":4292,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190040967,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190044867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1009,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":1009,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190634365,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190638521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":366,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":366,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01237{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353159746513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":389,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1467353189325739,"flow_src_last_pkt_time":1467353189360764,"flow_dst_last_pkt_time":1467353189364461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":4292,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190040967,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190044867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1009,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":1009,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190634365,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190638521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":366,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":366,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837423,"flow_src_last_pkt_time":1467353136837504,"flow_dst_last_pkt_time":1467353136837423,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837423,"flow_src_last_pkt_time":1467353136837504,"flow_dst_last_pkt_time":1467353136837423,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353138757317,"flow_src_last_pkt_time":1467353138757540,"flow_dst_last_pkt_time":1467353138794624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":252,"flow_src_tot_l4_payload_len":1447,"flow_dst_tot_l4_payload_len":252,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
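Review bot: The regenerated expectations for flows 63, 81, 85 and 88 drop `flow_risk` key `"4"` (`Binary App Transfer`, `Severe`) and report `"54"` (`Binary file\/data transfer (attempt)`, `Medium`) instead, so a consumer rule keyed on risk id 4, on that risk string, or on severity `Severe` will silently stop matching these HTTP download flows. The hunk at -596 makes the same swap for flows 90, 91 and 93. The `risk_score` total moves the opposite way, from 150 to 500, so severity-based and score-based thresholds now disagree about the same flow. A result fixture has no place for a comment, so I would state the mapping in the commit description, for example `flow_risk 4 (Binary App Transfer, Severe) is now reported as 54 (Binary file/data transfer (attempt), Medium)`. It is also worth confirming that the severity downgrade is intended and not just a side effect of regenerating the results.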
@@ -596,9 +596,9 @@
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353166729597,"flow_src_last_pkt_time":1467353166729597,"flow_dst_last_pkt_time":1467353166729597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136439974,"flow_src_last_pkt_time":1467353136440581,"flow_dst_last_pkt_time":1467353136439974,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136439974,"flow_src_last_pkt_time":1467353136440581,"flow_dst_last_pkt_time":1467353136439974,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191500926,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191505501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":439,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":439,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1467353191521215,"flow_src_last_pkt_time":1467353191603072,"flow_dst_last_pkt_time":1467353191606497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":476,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":1896,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191604276,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191500926,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191505501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":439,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":439,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1467353191521215,"flow_src_last_pkt_time":1467353191603072,"flow_dst_last_pkt_time":1467353191606497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":476,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":1896,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191604276,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1467353196856069,"flow_src_last_pkt_time":1467353196856069,"flow_dst_last_pkt_time":1467353196947855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":11340,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1467353198532645,"flow_src_last_pkt_time":1467353198532645,"flow_dst_last_pkt_time":1467353198595507,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":5040,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353200271229,"flow_src_last_pkt_time":1467353200271229,"flow_dst_last_pkt_time":1467353200271229,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
@@ -613,7 +613,7 @@
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191688041,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191722567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":550,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":237,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":237,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
00874{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":30,"flow_dst_packets_processed":10,"flow_first_seen":1467353136439640,"flow_src_last_pkt_time":1467353136982557,"flow_dst_last_pkt_time":1467353136977509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1083,"flow_src_tot_l4_payload_len":1110,"flow_dst_tot_l4_payload_len":9622,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":30,"flow_dst_packets_processed":10,"flow_first_seen":1467353136439640,"flow_src_last_pkt_time":1467353136982557,"flow_dst_last_pkt_time":1467353136977509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1083,"flow_src_tot_l4_payload_len":1110,"flow_dst_tot_l4_payload_len":9622,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00876{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":30,"flow_dst_packets_processed":71,"flow_first_seen":1467353136433806,"flow_src_last_pkt_time":1467353136979491,"flow_dst_last_pkt_time":1467353136982279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":31950,"flow_dst_tot_l4_payload_len":2627,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00994{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":30,"flow_dst_packets_processed":71,"flow_first_seen":1467353136433806,"flow_src_last_pkt_time":1467353136979491,"flow_dst_last_pkt_time":1467353136982279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":31950,"flow_dst_tot_l4_payload_len":2627,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":30,"flow_dst_packets_processed":71,"flow_first_seen":1467353136433806,"flow_src_last_pkt_time":1467353136979491,"flow_dst_last_pkt_time":1467353136982279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":31950,"flow_dst_tot_l4_payload_len":2627,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
01074{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136616772,"flow_src_last_pkt_time":1467353136617070,"flow_dst_last_pkt_time":1467353136616772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136616772,"flow_src_last_pkt_time":1467353136617070,"flow_dst_last_pkt_time":1467353136616772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
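Review bot: The new `Susp Entropy` risk (id `"35"`, `Medium`) is pinned only on the `not-detected` event for flow 2, while the unchanged `idle` event for the same `flow_id` on the next line has no `ndpi` object at all. A collector that reads risk from the last event of a flow would therefore never see this flag on an unclassified UDP flow, which is presumably where an entropy heuristic matters most. If that is the intended contract, I would document it for consumers, for example `risks on undetected flows are emitted on the not-detected event only; join on flow_id`.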
@@ -636,7 +636,7 @@
01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353185940061,"flow_src_last_pkt_time":1467353185940061,"flow_dst_last_pkt_time":1467353186002895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}}
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353189363217,"flow_src_last_pkt_time":1467353189363217,"flow_dst_last_pkt_time":1467353189363217,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}}
01192{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190110976,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":302,"flow_src_tot_l4_payload_len":2737,"flow_dst_tot_l4_payload_len":302,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
+01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":302,"flow_src_tot_l4_payload_len":2737,"flow_dst_tot_l4_payload_len":302,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834770,"flow_src_last_pkt_time":1467353136835528,"flow_dst_last_pkt_time":1467353136834770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834770,"flow_src_last_pkt_time":1467353136835528,"flow_dst_last_pkt_time":1467353136834770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00876{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":34,"flow_dst_packets_processed":11,"flow_first_seen":1467353136440165,"flow_src_last_pkt_time":1467353136952179,"flow_dst_last_pkt_time":1467353136908132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":1258,"flow_dst_tot_l4_payload_len":11715,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
@@ -690,7 +690,7 @@
00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834031,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834031,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1467353197131515,"flow_src_last_pkt_time":1467353203157237,"flow_dst_last_pkt_time":1467353197131515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1161,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00874{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":26,"flow_first_seen":1467353136432546,"flow_src_last_pkt_time":1467353136475656,"flow_dst_last_pkt_time":1467353136476197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":12780,"flow_dst_tot_l4_payload_len":962,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00992{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":26,"flow_first_seen":1467353136432546,"flow_src_last_pkt_time":1467353136475656,"flow_dst_last_pkt_time":1467353136476197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":12780,"flow_dst_tot_l4_payload_len":962,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":26,"flow_first_seen":1467353136432546,"flow_src_last_pkt_time":1467353136475656,"flow_dst_last_pkt_time":1467353136476197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":12780,"flow_dst_tot_l4_payload_len":962,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00869{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1467353136439813,"flow_src_last_pkt_time":1467353136440580,"flow_dst_last_pkt_time":1467353136660483,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1067,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":3197,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1467353136439813,"flow_src_last_pkt_time":1467353136440580,"flow_dst_last_pkt_time":1467353136660483,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1067,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":3197,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -698,7 +698,7 @@
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1467353189784236,"flow_src_last_pkt_time":1467353196145488,"flow_dst_last_pkt_time":1467353189784236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":511,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8571,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00989{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833715,"flow_src_last_pkt_time":1467353136834565,"flow_dst_last_pkt_time":1467353136833715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833715,"flow_src_last_pkt_time":1467353136834565,"flow_dst_last_pkt_time":1467353136833715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":899,"packets-processed":899,"total-skipped-flows":0,"total-l4-payload-len":355599,"total-not-detected-flows":29,"total-guessed-flows":2,"total-detected-flows":76,"total-detection-updates":49,"total-updates":35,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":701,"global_ts_usec":1467353203157237}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":899,"packets-processed":899,"total-skipped-flows":0,"total-l4-payload-len":355599,"total-not-detected-flows":29,"total-guessed-flows":2,"total-detected-flows":76,"total-detection-updates":49,"total-updates":35,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":701,"global_ts_usec":1467353203157237}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 899/899
~~ skipped flows.............: 0
@@ -707,9 +707,9 @@
~~ total active/idle flows...: 107/107
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5822730 bytes
-~~ total memory freed........: 5822730 bytes
-~~ total allocations/frees...: 89847/89847
+~~ total memory allocated....: 5824503 bytes
+~~ total memory freed........: 5824503 bytes
+~~ total allocations/frees...: 89849/89849
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 527 chars
~~ json message max len.......: 2373 chars