aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/signal_audiocall_2.pcapng.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/default/signal_audiocall_2.pcapng.out')
-rw-r--r--test/results/default/signal_audiocall_2.pcapng.out65
1 files changed, 65 insertions, 0 deletions
diff --git a/test/results/default/signal_audiocall_2.pcapng.out b/test/results/default/signal_audiocall_2.pcapng.out
new file mode 100644
index 000000000..18e66e3ad
--- /dev/null
+++ b/test/results/default/signal_audiocall_2.pcapng.out
@@ -0,0 +1,65 @@
+00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1741528492221089}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741528492221089,"flow_src_last_pkt_time":1741528492221089,"flow_dst_last_pkt_time":1741528492221089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528492221089,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"76.223.92.165","src_port":47464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1741528492221089,"flow_dst_last_pkt_time":1741528492221089,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1741528492221089,"pkt":"dNo47VMyYhO2esBpCABFAAA832ZAAEAG5OXAqAxDTN9cpbloAbt\/gJNlAAAAAKAC\/\/8flAAAAgQFtAQCCAqdC0blAAAAAAEDAwk="}
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1741528492221089,"flow_dst_last_pkt_time":1741528492224295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1741528492224295,"pkt":"YhO2esBpdNo47VMyCABFAAA8AABAAPYGDkxM31ylwKgMQwG7uWiLq6Pzf4CTZqAS\/\/+KyQAAAgQFtAQCCAo2+i4hnQtG5QEDAwg="}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741528492226636,"flow_src_last_pkt_time":1741528492226636,"flow_dst_last_pkt_time":1741528492226636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528492226636,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"76.223.92.165","src_port":47466,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1741528492226636,"flow_dst_last_pkt_time":1741528492226636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1741528492226636,"pkt":"dNo47VMyYhO2esBpCABFAAA8kh9AAEAGMi3AqAxDTN9cpblqAbt\/o2MmAAAAAKAC\/\/9PqAAAAgQFtAQCCAqdC0brAAAAAAEDAwk="}
+00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1741528492228916,"flow_dst_last_pkt_time":1741528492224295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1741528492228916,"pkt":"dNo47VMyYhO2esBpCABFAAA032dAAEAG5OzAqAxDTN9cpbloAbt\/gJNmi6uj9IAQAKy44gAAAQEICp0LRu02+i4h"}
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1741528492226636,"flow_dst_last_pkt_time":1741528492229239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1741528492229239,"pkt":"YhO2esBpdNo47VMyCABFAAA8AABAAPYGDkxM31ylwKgMQwG7uWqIaEUpf6NjJ6AS\/\/+qOwAAAgQFtAQCCAo3oqAonQtG6wEDAwg="}
+00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1741528492231633,"flow_dst_last_pkt_time":1741528492229239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1741528492231633,"pkt":"dNo47VMyYhO2esBpCABFAAA0kiBAAEAGMjTAqAxDTN9cpblqAbt\/o2MniGhFKoAQAKzYVwAAAQEICp0LRvA3oqAo"}
+00910{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1741528492240998,"flow_dst_last_pkt_time":1741528492229239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_usec":1741528492240998,"pkt":"dNo47VMyYhO2esBpCABFAAE4kiFAAEAGMS\/AqAxDTN9cpblqAbt\/o2MniGhFKoAYAKw4AgAAAQEICp0LRvk3oqAoFgMBAP8BAAD7AwOOmKXuSYkQ8\/sZiOmqm54QlSiQDAxOhJE13i4UU2UTmyC8n7CMCAa93Av6FXfC2JO7ZUN3vIB4asWBZnhgg8p+fwASEwETAhMDwCvALMypwC\/AMMyoAQAAoAAAABQAEgAAD2NoYXQuc2lnbmFsLm9yZwAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAMwAmACQAHQAgTe4N6eGJRldqCLHSu8bYW3TPg7Hkc4Uf6b7h\/t3Q7AoALQACAQEAKwAFBAMEAwM="}
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1741528492226636,"flow_src_last_pkt_time":1741528492240998,"flow_dst_last_pkt_time":1741528492229239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528492240998,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"76.223.92.165","src_port":47466,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"chat.signal.org","domainame":"chat.signal.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d0912ht_f91f431d341e_40271e0a5736","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
+00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1741528492240998,"flow_dst_last_pkt_time":1741528492243967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1741528492243967,"pkt":"YhO2esBpdNo47VMyCABFAAA02IBAAPYGNdNM31ylwKgMQwG7uWqIaEUqf6NkK4AQAQXW4wAAAQEICjeioDadC0b5"}
+00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1741528492244424,"flow_dst_last_pkt_time":1741528492224295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_usec":1741528492244424,"pkt":"dNo47VMyYhO2esBpCABFAAE432hAAEAG4+fAqAxDTN9cpbloAbt\/gJNmi6uj9IAYAKye+QAAAQEICp0LRv02+i4hFgMBAP8BAAD7AwMOL7\/5A50RUdA08i0Z7snGot6jec4CbbkgBRuR62IgNSDGMR35MOn+4RjsLgFqlqZrmiTFt\/D+3s6lJngHNlLMGAASEwETAhMDwCvALMypwC\/AMMyoAQAAoAAAABQAEgAAD2NoYXQuc2lnbmFsLm9yZwAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAMwAmACQAHQAg6jqNB4ss7tCnznTIzMa1KLDlohCpVMprNg+gYG7j4QoALQACAQEAKwAFBAMEAwM="}
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1741528492221089,"flow_src_last_pkt_time":1741528492244424,"flow_dst_last_pkt_time":1741528492224295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528492244424,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"76.223.92.165","src_port":47464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"chat.signal.org","domainame":"chat.signal.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d0912ht_f91f431d341e_40271e0a5736","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
+00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1741528492244424,"flow_dst_last_pkt_time":1741528492247159,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1741528492247159,"pkt":"YhO2esBpdNo47VMyCABFAAA05QFAAPYGKVJM31ylwKgMQwG7uWiLq6P0f4CUaoAQAQW3XgAAAQEICjb6LjidC0b9"}
+01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1741528492221089,"flow_src_last_pkt_time":1741528492244424,"flow_dst_last_pkt_time":1741528492436708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1741528492436708,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"76.223.92.165","src_port":47464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"chat.signal.org","domainame":"chat.signal.org","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d0912ht_f91f431d341e_40271e0a5736","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
+01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1741528492226636,"flow_src_last_pkt_time":1741528492240998,"flow_dst_last_pkt_time":1741528492437305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1741528492437305,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"76.223.92.165","src_port":47466,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"chat.signal.org","domainame":"chat.signal.org","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d0912ht_f91f431d341e_40271e0a5736","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
+02207{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1741528492226636,"flow_src_last_pkt_time":1741528523120976,"flow_dst_last_pkt_time":1741528523223696,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":995,"flow_dst_tot_l4_payload_len":4826,"midstream":0,"thread_ts_usec":1741528523223696,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"76.223.92.165","src_port":47466,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":1996496.8,"max":29945060,"stddev":7336445.0,"var":53823422857216.0,"ent":1.3,"data": [2603,4997,9365,14728,193338,14,6,4,15511,228510,2273,9930,4089,1395,5957,42709,11877,12166,87804,19,101230,12124,15,29787,29913712,29945060,101610,143693,427525,469041,100308]},"pktlen": {"min":52,"avg":234.8,"max":1500,"stddev":363.0,"var":131748.4,"ent":4.0,"data": [60,60,52,312,52,185,1500,1500,246,246,52,52,52,52,64,132,52,409,52,140,140,52,337,140,52,291,52,844,52,111,52,120]},"bins": {"c_to_s": [10,1,1,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,4,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,1,1,0,0,1,1,0,0,1,1],"entropies": [4.825882912,5.279368401,5.195351124,6.157801628,5.246409416,6.490487576,7.875824451,7.864108086,7.184711933,7.162314892,5.156889915,5.272274494,5.272274494,5.272274494,5.197124004,6.295201778,5.323332787,7.423076630,5.253916740,6.436878681,6.575819016,5.272274494,7.311059475,6.511210442,5.156889915,7.084508896,5.246409416,7.748560905,5.171406746,6.160127163,5.246409416,6.335816860]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
+02209{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1741528492221089,"flow_src_last_pkt_time":1741528523446949,"flow_dst_last_pkt_time":1741528523551836,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1134,"flow_dst_tot_l4_payload_len":4093,"midstream":0,"thread_ts_usec":1741528523551836,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"76.223.92.165","src_port":47464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":2017955.1,"max":30482503,"stddev":7471759.0,"var":55827184484352.0,"ent":1.2,"data": [3206,7827,15508,22864,189549,23,539,17,6,195176,2667,9643,3573,2369,15314,38479,52126,52418,47961,18,58857,53396,6065,76200,30454379,30482503,101264,139577,192644,230640,101799]},"pktlen": {"min":52,"avg":215.8,"max":1500,"stddev":351.1,"var":123252.7,"ent":3.9,"data": [60,60,52,312,52,179,58,1500,1500,246,52,52,52,52,52,132,52,516,52,140,140,52,425,169,52,111,52,139,52,323,52,169]},"bins": {"c_to_s": [10,1,1,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,3,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,1,1,0,0,1,1,0,0,1,1],"entropies": [4.792549610,5.346035480,5.195351124,6.100128174,5.215455055,6.495028973,5.206697941,7.858503819,7.872685909,7.053726196,5.156889439,5.156889439,5.195351124,5.156889915,5.156889439,6.293196678,5.169486046,7.552308559,5.207947731,6.568352222,6.447961330,5.156889439,7.497372627,6.748924255,5.195351124,6.113798618,5.284871101,6.559404850,5.041504860,7.230971813,5.207947731,6.672723293]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
+00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741528530074946,"flow_src_last_pkt_time":1741528530074946,"flow_dst_last_pkt_time":1741528530074946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528530074946,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"141.101.90.1","src_port":43281,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1741528530074946,"flow_dst_last_pkt_time":1741528530074946,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1741528530074946,"pkt":"dNo47VMyYhO2esBpCABFAAAw1ppAAEARr9DAqAxDjWVaAakRDZYAHBg9AAEAACESpEJFajd5NDNwaTREYWU="}
+01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741528530074946,"flow_src_last_pkt_time":1741528530074946,"flow_dst_last_pkt_time":1741528530074946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528530074946,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"141.101.90.1","src_port":43281,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
+00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1741528530076042,"flow_dst_last_pkt_time":1741528530074946,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1741528530076042,"pkt":"dNo47VMyYhO2esBpCABFAAA41ptAAEARr8fAqAxDjWVaAakRDZYAJBDmAAMACCESpEJZUmlxMHVVQTF2M1kAGQAEEQAAAA=="}
+00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1741528530076042,"flow_dst_last_pkt_time":1741528530088733,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1741528530088733,"pkt":"YhO2esBpdNo47VMyCABFAACkiGUAADkRRJKNZVoBwKgMQw2WqREAkJ\/ZARMAdCESpEJZUmlxMHVVQTF2M1kACQAEAAAEAQAVAFAwMDAwMDE5NTdiMzA3Y2EzOTQ4MTE4ZjhlN2MwZTZjZDA1NTIxNzE3MGM3OWUzZTI4MjZiODI2ZDUxY2FmODk3NDRiODYyOTk2ODkyOWJiMQAUABN0dXJuLmNsb3VkZmxhcmUuY29tAA=="}
+01079{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1741528530074946,"flow_src_last_pkt_time":1741528530076042,"flow_dst_last_pkt_time":1741528530088733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1741528530088733,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"141.101.90.1","src_port":43281,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.cloudflare.com","domainame":"turn.cloudflare.com","stun": {"multimedia_flow_types":"Unknown"}}}
+00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1741528530076042,"flow_dst_last_pkt_time":1741528530089065,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1741528530089065,"pkt":"YhO2esBpdNo47VMyCABFAABEiGYAADkRRPGNZVoBwKgMQw2WqREAMBEnAQEAFCESpEJFajd5NDNwaTREYWUAIAAIAAHwmXwxDKyAKAAERTnG0w=="}
+00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1741528530093514,"flow_dst_last_pkt_time":1741528530089065,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1741528530093514,"pkt":"dNo47VMyYhO2esBpCABFAAEA1p1AAEARrv3AqAxDjWVaAakRDZYA7FdTAAMA0CESpEI3OTd4a1l5U3BwbEMAGQAEEQAAAAAGAEBnMDliODQ1Y2MwYzBiYzU3YjhkOWFlMDQ5MDJmZTc5YjlhNjc1ZDE0ZDU3MTFlZWU1NzZjMDZkY2JlMzgxMzc0ABQAE3R1cm4uY2xvdWRmbGFyZS5jb20AABUAUDAwMDAwMTk1N2IzMDdjYTM5NDgxMThmOGU3YzBlNmNkMDU1MjE3MTcwYzc5ZTNlMjgyNmI4MjZkNTFjYWY4OTc0NGI4NjI5OTY4OTI5YmIxAAgAFP86F2OC7G3O6gJepSbuM838TDxD"}
+00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741528531527397,"flow_src_last_pkt_time":1741528531527397,"flow_dst_last_pkt_time":1741528531527397,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528531527397,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"10.219.164.8","src_port":43281,"dst_port":50017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1741528531527397,"flow_dst_last_pkt_time":1741528531527397,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1741528531527397,"pkt":"dNo47VMyYhO2esBpCABFAAB8iVZAAEARNUzAqAxDCtukCKkRw2EAaFL8AAEATCESpEJwOHJFWkpRQ0pjVTcABgAJVjJYYjp5czB0AAAAwFcABAADAAqAKgAIQNoWHAcm1dMAJAAEbn8+\/wAIABSdqlfYk\/dQI0C7Gsd0kM+1TlUZLoAoAASElPhQ"}
+01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741528531527397,"flow_src_last_pkt_time":1741528531527397,"flow_dst_last_pkt_time":1741528531527397,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528531527397,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"10.219.164.8","src_port":43281,"dst_port":50017,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741528531576221,"flow_src_last_pkt_time":1741528531576221,"flow_dst_last_pkt_time":1741528531576221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528531576221,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"93.40.63.219","src_port":43281,"dst_port":49514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1741528531576221,"flow_dst_last_pkt_time":1741528531576221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1741528531576221,"pkt":"dNo47VMyYhO2esBpCABFAAB8biVAAEARYl3AqAxDXSg\/26kRwWoAaHTYAAEATCESpEI0RHpFMXlNbnlpMnAABgAJVjJYYjp5czB0AAAAwFcABAADAAqAKgAIQNoWHAcm1dMAJAAEbn8+\/wAIABRgsLMCReiWoZIapiaY+zIKYp1FqoAoAASHI4E2"}
+01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1741528531576221,"flow_src_last_pkt_time":1741528531576221,"flow_dst_last_pkt_time":1741528531576221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528531576221,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"93.40.63.219","src_port":43281,"dst_port":49514,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
+00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1741528531576221,"flow_dst_last_pkt_time":1741528531615550,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1741528531615550,"pkt":"YhO2esBpdNo47VMyCABFAABcmN1AADcRQMVdKD\/bwKgMQ8FqqREASNZcAQEALCESpEI0RHpFMXlNbnlpMnAAIAAIAAHwnnwxDKwACAAUOVxTIICuCwjDl6T8bSI\/hrIUQBqAKAAE0PXKRg=="}
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1741528531626164,"flow_dst_last_pkt_time":1741528531615550,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1741528531626164,"pkt":"dNo47VMyYhO2esBpCABFAACEbilAAEARYlHAqAxDXSg\/26kRwWoAcJJLAAEAVCESpEJnQi9sWHhKNGRRUUwABgAJVjJYYjp5czB0AAAAwFcABAADAAqAKgAIQNoWHAcm1dPAAQAEAAAAAQAkAARufz7\/AAgAFJS2AQANqwxPK2EMa6I7oc8HeIg0gCgABHcPfqE="}
+00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1741528531626164,"flow_dst_last_pkt_time":1741528531665135,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1741528531665135,"pkt":"YhO2esBpdNo47VMyCABFAABcmOVAADcRQL1dKD\/bwKgMQ8FqqREASPINAQEALCESpEJnQi9sWHhKNGRRUUwAIAAIAAHwnnwxDKwACAAUYdOY40VmShLCfi0DzY\/UPCMBCeqAKAAErvmSGQ=="}
+00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1741528531674082,"flow_dst_last_pkt_time":1741528531665135,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1741528531674082,"pkt":"dNo47VMyYhO2esBpCABFAAB8bipAAEARYljAqAxDXSg\/26kRwWoAaFNaAAEATCESpEJDSkR4VUFmNFMvcWoABgAJVjJYYjp5czB0AAAAwFcABAADAAqAKgAIQNoWHAcm1dMAJAAEbn8+\/wAIABSO7pwASJp6RxuSCdcJljMf2v3sqIAoAASXt+fO"}
+00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1741528531722094,"flow_dst_last_pkt_time":1741528531527397,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1741528531722094,"pkt":"dNo47VMyYhO2esBpCABFAAB8iVlAAEARNUnAqAxDCtukCKkRw2EAaDEOAAEATCESpEI4M0xWMnZ5Nm1OVTQABgAJVjJYYjp5czB0AAAAwFcABAADAAqAKgAIQNoWHAcm1dMAJAAEbn8+\/wAIABSqNQ0OUfMvlMJ\/2w7ALUbezjXhXoAoAASQHZ2S"}
+00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1741528531771173,"flow_dst_last_pkt_time":1741528531527397,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1741528531771173,"pkt":"dNo47VMyYhO2esBpCABFAAB8iVtAAEARNUfAqAxDCtukCKkRw2EAaF2eAAEATCESpEJjT1draERUKytqVVMABgAJVjJYYjp5czB0AAAAwFcABAADAAqAKgAIQNoWHAcm1dMAJAAEbn8+\/wAIABSGl9DSJnQcj4svL3lOA7eJ5kMjBoAoAATGql5T"}
+00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1741528532323627,"flow_dst_last_pkt_time":1741528531527397,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1741528532323627,"pkt":"dNo47VMyYhO2esBpCABFAAB8iWZAAEARNTzAqAxDCtukCKkRw2EAaJldAAEATCESpEJyaGVUQ25vOSticWcABgAJVjJYYjp5czB0AAAAwFcABAADAAqAKgAIQNoWHAcm1dMAJAAEbn8+\/wAIABRqrszplRnu0oJnPKAf9kGDv7Bmr4AoAAQjFvhp"}
+00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1741528533321994,"flow_dst_last_pkt_time":1741528531527397,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1741528533321994,"pkt":"dNo47VMyYhO2esBpCABFAAB8ibpAAEARNOjAqAxDCtukCKkRw2EAaC5YAAEATCESpEJiRnlwbG5HK05hQUoABgAJVjJYYjp5czB0AAAAwFcABAADAAqAKgAIQNoWHAcm1dMAJAAEbn8+\/wAIABTLGEU4jVXlHuhC8IGGNZRAxLOQuoAoAAQS9rK4"}
+01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1741528531527397,"flow_src_last_pkt_time":1741528534825530,"flow_dst_last_pkt_time":1741528531527397,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":672,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528534825530,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"10.219.164.8","src_port":43281,"dst_port":50017,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
+02391{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1741528531576221,"flow_src_last_pkt_time":1741528541603281,"flow_dst_last_pkt_time":1741528541600346,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1288,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1741528541603281,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"93.40.63.219","src_port":43281,"dst_port":49514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":14719,"avg":646812.4,"max":2310060,"stddev":844124.2,"var":712545796096.0,"ent":3.9,"data": [39329,49943,49585,47918,40299,14719,50030,50930,50134,49124,47579,998710,1035248,214781,253990,747880,784839,214903,250805,2256562,2295269,215036,253928,2261303,2300026,209978,252484,2270931,2310060,199999,234863]},"pktlen": {"min":92,"avg":108.2,"max":132,"stddev":16.3,"var":265.9,"ent":5.0,"data": [124,92,132,92,124,92,124,92,124,92,124,92,124,92,124,92,124,92,124,92,124,92,124,92,124,92,124,92,124,92,124,92]},"bins": {"c_to_s": [0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0],"entropies": [5.817360401,5.664065838,5.717761040,5.783843040,5.869493961,5.715749264,5.914074898,5.707544327,5.946332932,5.702215672,5.897945881,5.705251694,5.884011269,5.642328262,5.849558830,5.759227276,5.877923489,5.685805798,5.914074898,5.753898621,5.845664978,5.669978619,5.930203915,5.702216148,5.932398319,5.723955154,5.849558830,5.780966759,5.791190147,5.840855598,5.962461948,5.780966282]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":56,"flow_first_seen":1741528531576221,"flow_src_last_pkt_time":1741528544723889,"flow_dst_last_pkt_time":1741528544550264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":295,"flow_dst_max_l4_payload_len":295,"flow_src_tot_l4_payload_len":11570,"flow_dst_tot_l4_payload_len":10075,"midstream":0,"thread_ts_usec":1741528544877755,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"93.40.63.219","src_port":43281,"dst_port":49514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":23,"flow_first_seen":1741528492221089,"flow_src_last_pkt_time":1741528531563972,"flow_dst_last_pkt_time":1741528531566315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1281,"flow_dst_tot_l4_payload_len":7173,"midstream":0,"thread_ts_usec":1741528544877755,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"76.223.92.165","src_port":47464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"chat.signal.org"}}
+01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":24,"flow_first_seen":1741528492226636,"flow_src_last_pkt_time":1741528542565107,"flow_dst_last_pkt_time":1741528542562123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4120,"flow_dst_tot_l4_payload_len":5040,"midstream":0,"thread_ts_usec":1741528544877755,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"76.223.92.165","src_port":47466,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"chat.signal.org"}}
+01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1741528530074946,"flow_src_last_pkt_time":1741528540100828,"flow_dst_last_pkt_time":1741528540113160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1392,"flow_dst_tot_l4_payload_len":1284,"midstream":0,"thread_ts_usec":1741528544877755,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"141.101.90.1","src_port":43281,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.cloudflare.com"}}
+01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":0,"flow_first_seen":1741528531527397,"flow_src_last_pkt_time":1741528544877755,"flow_dst_last_pkt_time":1741528531527397,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1741528544877755,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"10.219.164.8","src_port":43281,"dst_port":50017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/signal_audiocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":258,"packets-processed":258,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44143,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1741528544877755}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 258/258
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 44143 bytes
+~~ total detected protocols..: 5
+~~ total active/idle flows...: 5/5
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 9277946 bytes
+~~ total memory freed........: 9277946 bytes
+~~ total allocations/frees...: 150100/150100
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json message min len.......: 554 chars
+~~ json message max len.......: 2396 chars
+~~ json message avg len.......: 1474 chars
Powered by cgit, Themed by Ted Yin.