Diffstat (limited to 'test/results/default/quickplay.pcap.out')
-rw-r--r-- | test/results/default/quickplay.pcap.out | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/test/results/default/quickplay.pcap.out b/test/results/default/quickplay.pcap.out
index 9da3d5401..048504ee2 100644
--- a/test/results/default/quickplay.pcap.out
+++ b/test/results/default/quickplay.pcap.out
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00788{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1429000030398627} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00789{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1429000030398627} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000030398627,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000030398627,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"thread_ts_usec":1429000030398627,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWBDAUAAPwaoIQo2qfp4HCMpxewAUEHDiNf6xwiBUBgAc22rAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000030398627,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000030398627,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"api-singtelhawk.quickplay.com","http": 
{"url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}} 
@@ -21,7 +21,7 @@ 01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000037314978,"flow_src_last_pkt_time":1429000037314978,"flow_dst_last_pkt_time":1429000037314978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000037314978,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","http": {"url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037600378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000037600378,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037600378,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":241,"pkt_l4_len":205,"thread_ts_usec":1429000037600378,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOEBz0AAPwbyFAo2qfp4HBrngf0AUJlyzTdc8IHSUBgAc3meAABHRVQgL2dlbmVyYXRlXzIwNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogY2xpZW50czMuZ29vZ2xlLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037600378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000037600378,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients3.google.com","http": {"url":"clients3.google.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}} 
+01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037600378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000037600378,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"clients3.google.com","http": {"url":"clients3.google.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037659613,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":137,"pkt_l4_len":101,"thread_ts_usec":1429000037659613,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAHlLmEAArQY6l3gcGucKNqn6AFCB\/VzwgdKZcs3wUBgIIqKRAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNClNlcnZlcjogR0ZFLzIuMA0KDQo="} 
00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1429000037314978,"flow_dst_last_pkt_time":1429000037771704,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"thread_ts_usec":1429000037771704,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUMgAkAArQYAVK38ShYKNqn6AFDMQGR3Qx6qvJUxUBj\/\/2USAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogSENQcUMxYW5HZGxXZUVqMEIwU3F1MHVIQzU2N3BTRzJERlZvSXdHYmRXNFovN1dydjVhM0ZQZEY5V1FIMDUrNFREZVFXV3FiZjA4djA4c1RURE81VWc9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} 00949{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1429000039509711,"flow_dst_last_pkt_time":1429000030498602,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":365,"pkt_l4_len":329,"thread_ts_usec":1429000039509711,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAV1DA0AAPwaoIgo2qfp4HCMpxewAUEHDig\/6xw2tUBgAhzcPAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9tb3ZpZXMvNjI0MT9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
@@ -64,16 +64,16 @@ 01079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000052350287,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":461,"pkt_l4_len":425,"thread_ts_usec":1429000052350287,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAb2qTEAAPwZ4UAo2qfrLzZeg1mUAUE+SeI3XHwqaUBgAbsqdAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vZ2V0Y29udGFjdGxhYmVsbGlzdCBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDEzMA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNColfJgEAQVUr0H3fAhACF0hkbD5sDN+EgwD\/BNABUsTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYeQoz6VrtJH00pu+gvbU58lmESj2o4D7TnERbmXXALCqM="} 01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000052350287,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000052350287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":405,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":405,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":405,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000052350287,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":0,"content_type":"","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1429000052348029,"flow_dst_last_pkt_time":1429000052688483,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_usec":1429000052688483,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPWIBEAArAZEf8vNgWUKNqn6AFCnCZFyi8YwPunGUBgIIppgAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwC5BQwMAADES8+zVe2SBL6tUVxA2Vh6"} 
-01491{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052348029,"flow_src_last_pkt_time":1429000052348029,"flow_dst_last_pkt_time":1429000052688483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000052688483,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmbatchemojidownload","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} 
+01491{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052348029,"flow_src_last_pkt_time":1429000052348029,"flow_dst_last_pkt_time":1429000052688483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000052688483,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmbatchemojidownload","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} 
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000053611792,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_usec":1429000053611792,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYEAArQar6MvNl6AKNqn6AFDWZdcfCppPknoiUBgIIrzYAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"} -01488{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052350287,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000053611792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":405,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":405,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":405,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000053611792,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} +01488{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052350287,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000053611792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":405,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":405,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":405,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000053611792,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} 
02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1429000052217627,"flow_dst_last_pkt_time":1429000054555518,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"thread_ts_usec":1429000054555518,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaBrnEAArQYNK3gcIygKNqn6AFDLKctRyGZwAbOjUBAIIjnpAAC6eiaRjUv\/RPkOH82F5WosK669TTY41gIXUb5TM31DDCidAN9BA2XuM3HL8T4H8RaooiwzYVX\/NyYQvgJwozgBs+HWQERJo3j\/tFsg+NsbehQ2yqZ0ni5IF772nmOTUjjTqhvSyTYKL8LPX7\/SbJuUeesyVlCo1rcZrFyvobivL2QselZVKbZT9oXnVrTBXz9SgWOBGQjqM+6MYkHQqsKJwKvUzEiyfqsG7Y5ib\/HG3Cr61CWCOUzckjCo4x7\/2FXuS4bbTxyKoEXBeNcTCujBm4BW7TCl6yaZq2WXxGG4hvRF0Be\/m5kDX7D2ritov06P2eBHlozi8poVm+8iR+ps7ttJSDR9cRtIoZ6CzGQuMlpslQH3eGbKiA+TieQa5VKgPmn67A5ZHz6oVTfujJs8WKbjDDZ9Q0iRvNel4W1E1K\/\/zSVXoGcUMXf+jhnQwZpcpi1EdAnR+40BHozU+RTudhZL4Gple7Zf9xhKfQFyWOsUn76k3fkX1zxQlXwkMtX73RmtTyaB3L2pN7AlVM\/\/nWHu7EuLuT9DL9C5g0C9ndUmqL7NBsK0kAZZ78eDPfrNcCw\/ZFw2bNcbUFc\/DZYsLjg+otfm91LhV9Jp43mlKbIVnnDPmIDKMqjiCMwbTaSaZixrFny1uf5O00Y6dqEgtz9Pli4PyDpRhyoCvJu+i4H+d88Uaw2rkO46JoXyB7A5p5OjjhlkqrGyi1CwU0deobjNdyyDdV8jJ\/Pi9n3PsmZZgmuJXbUr3Wj33YeDG\/0Oj+2II0vRU4R2CMhv6eJcxCNdiNxlxN6WMj7SN4Xwx9cQTGloH0v9P+ZbhisAixQQx+c7VnS53a6eMHAGjtfp5Vfl\/a+fbz\/SS6+0wsbw43YigcJZdKwu\/J+7R2Vsvwwp\/\/0VJXCclXCvQKK9ZgSyMjcZXFFdVBYQ9ynX2PKUJbCiQo0ZSacbctiB0eo38ldIKG1HQXiG+IvrS8x51f+MHkxe\/Qz6gFVONzxqGI2AuPK799Gz1u48EzIlwqf+hfJ5+80+67LPm7OKnX\/+Hglw20t2bXScSU\/7a\/No7LXMZaiPPFjItOLkydDIZdblKbD9VzRcriDGIikYRE2vOO7ef0bABx9ekxq7Y6qOz8wz2bfi82kKdO6ZKos8mJ6Z5zMskbhz5TARjuFwb\/y0CNvNRI3ZzaCcWvcSerQm6YI5Qkh9hi+UFoCigmvOa40ltrSAgZJLwEzoigbbL\/Fux90aNws71lhYIk5rLapLHllGTYci4NeZq+lysN0NJeGSVgJjhywSjEcv98KS01SOoGP+L8hkrHHDndozayAIZx7KNatPdBhHierZx9hk7YaR2QyAaOf\/KGZ26mtXJD+fZ9qzzRf7VPOJIXRan6Mvh2X5ksvc+d2E+xpW4ZS3heqwr3GFyseSzu+SItPTkyOePTh5SBK
lnurq4GBXzKzTiVp1gCObUjjb361kLXFDG8pv8RFHz9T71D1Nc2wSTzFugnvV1UNFiSfCUv5Hf3vreasQSxEc5M2HufON7Ls2Sq1av0HxiKW3cr3g1hTf6isQpBvLi2kzfVTuUfjZ4NfuituEBPk76dM0NGhwCE37DhDWyEA0CskC\/3LGpzpkwJVXZJneb4tZ6ZUUp9Tq8jwnKJrc9Xm0\/K+NOqhD9cfXeA0wPmIBqb\/50HOtK0ivaxJQrriFNfYzXGvwDWExqj3032B+UnoRZ9sdl+HDci1tJl2ZYTWQ\/jnW4QU+eyZsftpA1fidaKNXFUm98r6LCSgwEpKQko1ga3+vGDjVtQbFJqqZZSUhMiGE7JxSiWQR6m1VFOyrIP\/NGSlhQwEVU0AVlSc0flRUDOO1ef3Q8CCp+aj8TUh3wwIIfQUflA=="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054595190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000054595190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
01290{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054595190,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":616,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":616,"pkt_l4_len":580,"thread_ts_usec":1429000054595190,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAljROkAAPwZnAgo2qfrLzYFlpwoAUAw7AlWKyQifUBgAbo2ZAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vYW5kcm9pZGdjbXJlZyBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDI5MQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNCo1fJgEAQVUr0H3fAhACF0hkbD5sDN+EgwDvBPUC9wHE3QEChNVx4ZIME2Cf+At3im0FbHQtQ5OeVwRjPIiyLiTcUNpigxgohLu4Sn2cUUhjM\/e6hatoyLaBnD1MiX1aSCFGHqc7sd1LbQ4Ji50\/nmut+cRtfu64v\/XpBgMs3P9k27B87PKWuZeRn0c7PoUNWA2a8JliIiEG\/iNlGYYh7Jh9YEWG\/gDJeOxQbfTuL3jKYttVpQbSW5W7M23rsRNXzMxlPjm7V+eiXogw4ZTrI0SYQBetGJTy4I9tf1xmHMyE6HsFYIlHFXzsGgJQf7uh78Qo0Kz+t0syWOECVQvp3s423G3nllPk9jmdcOLrj5HgsV0zUjYpYNBzzWvoRGUwiRoLkw=="} 
01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054595190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000054595190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/androidgcmreg","code":0,"content_type":"","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} 01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1429000054688452,"flow_dst_last_pkt_time":1429000054555518,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"thread_ts_usec":1429000054688452,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeRjvEAAPwaG4wo2qfp4HCMoyykAUHABs6PLUc5cUBgk\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"} 
00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054967566,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_usec":1429000054967566,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUEEkAArQbHccvNgWUKNqn6AFCnCorJCJ8MOwSFUBgII8UCAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDvBAYGAAAXudj2eCNNjv4Uv\/n42\/lx"} -01484{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054967566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000054967566,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/androidgcmreg","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} +01484{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054967566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000054967566,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/androidgcmreg","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} 
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000055158240,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_usec":1429000055158240,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYkAArAas5svNl6AKNqn6AFDWZdcfCppPknoiUBkIIrzXAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"} 00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1429000054688452,"flow_dst_last_pkt_time":1429000060332068,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"thread_ts_usec":1429000060332068,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAOBsF0AArQYRcHgcIygKNqn6AFDLKctUXpxwAbVfUBgIQ3alAADeuoa1+jA5Ry0mXbQk51nloyMd3bnpaoAhLaFrs1GxxS6MStN1DNXgV3PyV9xWtS4Bq7eqDyJDn7AJDstUGJi0\/pfjbHRxURqqSWq2lLCGNr8PC4\/zdGcQgXAhvJ4k342DAqdcv25jjD\/DCZL0NGZhuQtQ9EC0TG+Yxyi57FXdRjFSsIxVH3fsgYrcB9Qagjzg2cKnxCjR\/HkaVIYK1NtKzAhNksrWNnXwbZRgh55QgVjqectjQo\/f"} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1429000060559607,"flow_dst_last_pkt_time":1429000060332068,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":585,"pkt_l4_len":549,"thread_ts_usec":1429000060559607,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAjlkNkAAPwaGFAo2qfp4HCMoyykAUHABtV\/LVF9UUBhMo7CDAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWMTQwUjIxNi9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFYxNDBSMjE2LWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9OTViMDFjODMxM2FlNGRmYjgwY2QxMDI4MjE1ZTAzYjcgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgQnVpbGQvS1RVODRQKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvMzMuMC4wLjAgTW9iaWxlIFNhZmFyaS81MzcuMzYNCg0K"} 
@@ -82,10 +82,10 @@ 01375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110390234,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":681,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":681,"pkt_l4_len":645,"thread_ts_usec":1429000110390234,"pkt":"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\/s0oeR4gum6gk+uWhqjv3Tkoz3jpOxZ3uqg5IoeAevVK78mE+75Mm5QEXaL\/24wa8I4nsiJTVEr54yg9WsIjA1I\/cd65YM57jS4+t1kJ\/xpqwwPsMfqK2G34N85Xo0uWP1F2PyLEjHiJZyK4xRu\/XYVzahdDn1vQRPtqQ3i2o6ggKNGN3kBkFa6C2GO0zTqwt7XUYqb0ppGq3KKIyPCtrTg5YICuEsfTDMTLer3J067M5VD93Ij+RkxqqGFN9+gvu+C\/smM0OksnEYsvtVnkr65ZF5Pk4qVPYHRDIlRcRHe0XzckIkJitYHFr8VSN2R6GxFfZK0YtMPQdmLxH6qLecheL3Cuuz7XcYpBc6JGpDIih+q4v"} 01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110390234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000110390234,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"hkminorshort.weixin.qq.com","http": {"url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":262,"pkt_l4_len":226,"thread_ts_usec":1429000110528479,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPYrhEAArQaNjMvNk9cKNqn6AFCLVl6azfAZGFZbUBgIKKjyAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ4DQoNCoJfAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDMBQYGAIBAF7nY9ngjTY7+FL\/5+Nv5cQ=="} 
-01485{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":206,"midstream":1,"thread_ts_usec":1429000110528479,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkminorshort.weixin.qq.com","http": {"url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} 
+01485{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":206,"midstream":1,"thread_ts_usec":1429000110528479,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkminorshort.weixin.qq.com","http": {"url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000117728278,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":638,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":638,"pkt_l4_len":602,"thread_ts_usec":1429000117728278,"pkt":"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"} 
-01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000117728278,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.account.xiaomi.com","http": {"url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)","request_content_type":"application\/x-www-form-urlencoded"}}} 
+01416{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000117728278,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.account.xiaomi.com","http": {"url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)","request_content_type":"application\/x-www-form-urlencoded"}}} 
01583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000118045538,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":831,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":831,"pkt_l4_len":795,"thread_ts_usec":1429000118045538,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAy+57kAArQaZmTazjEEKNqn6AFDcPeCiut6WGFOiUBgIJVI5AABIVFRQLzEuMSAyMDAgT0sNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpEYXRlOiBUdWUsIDE0IEFwciAyMDE1IDA4OjI4OjM3IEdNVA0KU2VydmVyOiBUZW5naW5lLzIuMC4xDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD11dGYtOA0KQ29udGVudC1MZW5ndGg6IDU1Ng0KDQofiwgAAAAAAAADBMHXokMwAADQD+pDVCuuR7VCzdrerESNxijK199zgLVnYggNE5ULioIZGP6CKSQ+J1Ue9LQPP\/PeL9xYw3Gkgs8aCeFd\/zZqCdqbSs4SDagv3Q8gbXJOLHNZZfmdTsJ6vPDYpe+\/rdailf+Vy4WCt5JCSfPLvLm\/VjBPjj45GMX6eUks60t+xxt21vhZm+cZaqa7DoZ7yob2ejBdIHAVjR1TTdJhFubG5KBya8nY0zzMWLsuzvCvt9glIynGQHg+BLRZzPC8ZTGPUyOvUh05tiZ\/balrrwKQt2cEeJstEBP0D5BLZnKvY160w+\/OrxB+sjFauMt5dnHUcI3t7SoTqChgxCrhMkNhG6YVl2LK8pgjuYhqcDRox+KgQzOA\/hLmGzg3uirtssbFIVC5Aro3ACcGCwISGwb1VxWHonPvyWHNDlG81Bqq3QQetunNZnl6oz4rq\/ZHNPTVG61wMgLdvvo4GWhjgZ\/bnblrSFNGd7Mdr5MexXVx6SfeJVyvwBelPETxWHKKoRDa8ZjUvT0cEJOB7G\/G7e4ZZ\/83OAc7CIIAAEA\/iIulwzriBqhJkUE6bpVlTg1QY+rX1\/uCF5JNOyMtykH7DdhqEwaXY8s7mPz38wS8mngvjnR+4AS+bZOCqFuqMeaMn6SzJIMOPFhSp7GcsxUbtqiwMa7\/yvtnpf2t24H4WaAC+sVExSgCQaWyVTSeVY6vezz8ABeIl3WAAgAA"} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000153937720,"flow_src_last_pkt_time":1429000153937720,"flow_dst_last_pkt_time":1429000153937720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000153937720,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1429000153937720,"flow_dst_last_pkt_time":1429000153937720,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_usec":1429000153937720,"pkt":"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"} 
@@ -94,7 +94,7 @@ 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1429000156459448,"flow_dst_last_pkt_time":1429000156273474,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_usec":1429000156459448,"pkt":"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"} 01578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1429000156459448,"flow_dst_last_pkt_time":1429000159329352,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":822,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":822,"pkt_l4_len":786,"thread_ts_usec":1429000159329352,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAyZ5rEAArAYClXgcIygKNqn6AFDLMd3YhLgtNF4MUBgIQ\/OyAADrwzX3RAicnUrik1zDx4PqjdwOmF3fe8pzxTI4oN3yFpMedtYxelwQ2rhsnEO6G\/cmlY1IJNm+dhF6bSA0DSydTzLfvgeIuFZXygwrH6gaXr3bLYeSyYjaCUjWjmQTt7V+t\/gKIDQ7qopT\/9MJLyH+KwU2kj6lGewqsyjKL2j5Quk4rIxkJFWbgA834c500rsR9UD02ykgxsrbPdY8neRLyWauu2MwdO8Be1DZjdaACskFpdJNZR72s2dmRfWv3zmQNDywLdy21xUi6VV5yyLDgFQBtBCXRV+cQVGxrWazEswNsOJm5YNkt7Julo0fagWzzfA6k\/UxfxEYcq2TxGzfSbcM1WAuTAlHKowbQoKWjTwGEc2bWIFmXE5q8JrHhpukUvKEnyPDmn\/EVfOSXk9pOu1LB9Z9OYZmi6y7tgB9EBz5Hxig1qph7haaqDsKdW4PxWR0VWnAjHI09PH7\/zZlo9FDGZoA+\/SUvcNGTG4xFbCoGdUVimgMQK7pTJ5Jlf+NZ2rrp\/xRZXpGeytFF1JKGu6T6\/t07HLyU5FKV+heWPuYKSc0\/F9MjzFgwPRSVBhFEnAC\/WS7fVzhr9qnYUWW2DlxWquOmitR6vtaHNaiPFn+YxtHGPG7\/93xpqqGHAO5k\/JlbrRpUzvT4SAJhoKdaOAHp8m4MN2ufQ3rIJqNONA5BlU4ZX+YUQI9CVaX4mikHnJVz0ekLAIre31tIlLe5zK0iJgb0WauPILeFUHfG\/hDtxzaYUBCdt\/hcRGKLkM7kOxnvCtJyHcI0rs0EKUtkKRvt1YG8GKC7we8kgHb3wKzQpqiwjdRZofEVpf4s39L+wSufN2yERClxc\/zZ5xM\/anf45FN326q10slGD1JayBMSJ8eMRTWd2jteav9aPEQic5zOuES
F716eR6sI\/RimZhAJZBj7ByW9GcWmBoQQJsN64WYhuY907IORbVtU3zFysJ35lxofZxQ+WSTQF3sp9jroQuO1XT+yDkm8sBF8f4oY6ZuQjFjIM4yz\/Js"} 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1429000179906897,"flow_dst_last_pkt_time":1429000159329352,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_usec":1429000179906897,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeakoEAAPwZF\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"} -01245{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1429000052350287,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000055158240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":405,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":405,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":405,"flow_dst_tot_l4_payload_len":410,"midstream":1,"thread_ts_usec":1429000184253516,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}} 
+01245{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1429000052350287,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000055158240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":405,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":405,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":405,"flow_dst_tot_l4_payload_len":410,"midstream":1,"thread_ts_usec":1429000184253516,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000207973761,"flow_src_last_pkt_time":1429000207973761,"flow_dst_last_pkt_time":1429000207973761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000207973761,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1429000207973761,"flow_dst_last_pkt_time":1429000207973761,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_usec":1429000207973761,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYfhkAAPwbLFwo2qfp4HCMoyzIAUDz1EP7kfsOCUBgByRv\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"} 
01465{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000207973761,"flow_src_last_pkt_time":1429000207973761,"flow_dst_last_pkt_time":1429000207973761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000207973761,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"vod-singtelhawk.quickplay.com","http": {"url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36","detected_os":"Android 4.4.4"}}} 
@@ -126,11 +126,11 @@ 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1429000030766760,"flow_src_last_pkt_time":1429000039809180,"flow_dst_last_pkt_time":1429000040059760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":420,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":732,"flow_dst_tot_l4_payload_len":2724,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000041481085,"flow_src_last_pkt_time":1429000041481085,"flow_dst_last_pkt_time":1429000041819556,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":181,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":283,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1429000050062079,"flow_src_last_pkt_time":1429000051366980,"flow_dst_last_pkt_time":1429000052145575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":540,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":1080,"flow_dst_tot_l4_payload_len":89,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat"}} -01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052348029,"flow_src_last_pkt_time":1429000052348029,"flow_dst_last_pkt_time":1429000052688483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}} -01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054967566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}} 
+01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052348029,"flow_src_last_pkt_time":1429000052348029,"flow_dst_last_pkt_time":1429000052688483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}} 
+01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054967566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000031075232,"flow_src_last_pkt_time":1429000031075232,"flow_dst_last_pkt_time":1429000031382971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":302,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":53,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} -00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037659613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":81,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000118045538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":775,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":775,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037659613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":81,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}} 
+01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000118045538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":775,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":775,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1429000049060584,"flow_src_last_pkt_time":1429000051518927,"flow_dst_last_pkt_time":1429000051331885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":527,"flow_dst_max_l4_payload_len":1096,"flow_src_tot_l4_payload_len":1415,"flow_dst_tot_l4_payload_len":1096,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":30,"flow_first_seen":1429000052217627,"flow_src_last_pkt_time":1429000153720679,"flow_dst_last_pkt_time":1429000132692816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":15942,"flow_dst_tot_l4_payload_len":26320,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1429000153937720,"flow_src_last_pkt_time":1429000207676611,"flow_dst_last_pkt_time":1429000184062018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":2230,"flow_dst_tot_l4_payload_len":3354,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 
@@ -140,9 +140,9 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1429000375190710,"flow_src_last_pkt_time":1429000385363074,"flow_dst_last_pkt_time":1429000385174414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1784,"flow_dst_tot_l4_payload_len":2108,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000031698279,"flow_src_last_pkt_time":1429000031698279,"flow_dst_last_pkt_time":1429000032158423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":283,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000037314978,"flow_src_last_pkt_time":1429000037314978,"flow_dst_last_pkt_time":1429000037771704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":283,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":206,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer 
(attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}} +01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":206,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1429000048159796,"flow_src_last_pkt_time":1429000048647467,"flow_dst_last_pkt_time":1429000048795905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":487,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":487,"flow_dst_max_l4_payload_len":1169,"flow_src_tot_l4_payload_len":974,"flow_dst_tot_l4_payload_len":1169,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} -00806{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":155,"packets-processed":155,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":145,"global_ts_usec":1429000385363074} 
+00807{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":155,"packets-processed":155,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":145,"global_ts_usec":1429000385363074} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 155/155 ~~ skipped flows.............: 0 @@ -151,10 +151,10 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5563105 bytes -~~ total memory freed........: 5563105 bytes -~~ total allocations/frees...: 86465/86465 +~~ total memory allocated....: 6708348 bytes +~~ total memory freed........: 6708348 bytes +~~ total allocations/frees...: 114625/114625 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 569 chars +~~ json message min len.......: 570 chars ~~ json message max len.......: 2445 chars ~~ json message avg len.......: 1507 chars |