diff options
Diffstat (limited to 'test/results/default/stun_wa_call.pcapng.out')
| -rw-r--r-- | test/results/default/stun_wa_call.pcapng.out | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/test/results/default/stun_wa_call.pcapng.out b/test/results/default/stun_wa_call.pcapng.out index f8d0f3ca2..d3f86f590 100644 --- a/test/results/default/stun_wa_call.pcapng.out +++ b/test/results/default/stun_wa_call.pcapng.out @@ -1,24 +1,24 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029444,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iFAAEARlLrAqAycXTl747Y8DZYA3LHsAAMAwCESpEJwdYtExyOnTtGTSiVAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUJM4QSLb1BesAMLdUeEcTNdZmV28="} -01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} +01089{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029608,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iJAAEARlLnAqAycXTl747Y8DZYA3ICVAAMAwCESpEJwdYtExyOnTtGTSiZAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUYWrisy40lbl9bq4cXAmMmnnA\/ig="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035471,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTlAAEARhZDAqAycnfDLPrY8DZYA3GV0AAMAwCESpEJwdYtExyOnTtGTSidAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUAA8jYlqEzFOauoSyCbgYSf5lAAk="} -01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035552,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTpAAEARhY\/AqAycnfDLPrY8DZYA3BLxAAMAwCESpEJwdYtExyOnTtGTSihAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUhAn28C7qfrkxLYQ0p3TNXw2BfFM="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035642,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9lAAEARVvDAqAycnfDnPrY8DZYA3J+gAAMAwCESpEJwdYtExyOnTtGTSilAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUBDu46Kp0MzZ62SMrNOCqwnrJBCw="} -01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968036993,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9pAAEARVu\/AqAycnfDnPrY8DZYA3K1KAAMAwCESpEJwdYtExyOnTtGTSipAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUPZihrJHzcl+3y+bEvnKo9qVH+uY="} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037054,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9NAAEAR6QHAqAycnfAVM7Y8DZYA3Ij9AAMAwCESpEJwdYtExyOnTtGTSitAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUjla64e3RO4Za5yiogz0w5BPrVCA="} -01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037165,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9RAAEAR6QDAqAycnfAVM7Y8DZYA3Ds6AAMAwCESpEJwdYtExyOnTtGTSixAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUHONBvdq4CMLPEotcA1cTDrS++GA="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037404,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWlAAEARBW\/AqAycnfDDMLY8DZYA3EQwAAMAwCESpEJwdYtExyOnTtGTSi1AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUYW\/o+S1f89d5dQU1\/5j2oMMTsiw="} -01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037483,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWpAAEARBW7AqAycnfDDMLY8DZYA3L3JAAMAwCESpEJwdYtExyOnTtGTSi5AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUN3sV7GYe+yROEsWZI\/FgD4k1DJ4="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037875,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qtAAFcRfoBdOXvjwKgMnA2WtjwATGHpAQMAMCESpEJwdYtExyOnTtGTSiUAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUqnIJzW\/j1X8c\/WgxJFDYTIjCG04="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037923,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qxAAFcRfn9dOXvjwKgMnA2WtjwATH+6AQMAMCESpEJwdYtExyOnTtGTSiYAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUsXruinhNMVlcZwjO7SsYhIE3y+M="} @@ -38,23 +38,23 @@ 02327{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659971853147,"flow_dst_last_pkt_time":1676659971919436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":245,"flow_src_tot_l4_payload_len":2693,"flow_dst_tot_l4_payload_len":1097,"midstream":0,"thread_ts_usec":1676659971919436,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":33,"avg":248828.9,"max":2505343,"stddev":601339.2,"var":361608839168.0,"ent":2.9,"data": [164,8431,48,2463749,2505343,241,3586,277,39475,77,6128,4820,33,25931,31612,82045,37743,1684,120855,35,78585,59946,292774,129998,59732,381615,376352,412427,48,227940,362001]},"pktlen": {"min":48,"avg":146.4,"max":300,"stddev":92.2,"var":8492.2,"ent":4.7,"data": [240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273]},"bins": {"c_to_s": [2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1],"entropies": [7.019773483,6.984464645,5.818136215,5.825999260,5.808753967,6.987159729,6.971193790,6.971321106,6.997097969,5.676367760,5.789438725,5.665334225,5.732045174,5.722330570,5.218094349,5.178508282,5.782431126,6.963978291,6.992527008,5.698242188,5.789439201,5.829556465,4.883490086,6.023591995,6.055227757,5.025671005,5.503230572,5.670224667,6.552639484,5.494553089,6.944911957,7.162023067]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625604,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9JAAEARdrvAqAycnfDLPsF2DZYBGCb2AAMA\/CESpEI9TftlKWJACU3e+TlAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUpYIpus8qv8w9yHZkGb+Y7RORCLU="} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625741,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9NAAEARdrrAqAycnfDLPsF2DZYBGPgrAAMA\/CESpEI9TftlKWJACU3e+TpAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUEQwgZYwKJgQ4LTYK3y4FIA+jynM="} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625888,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRpAAEARTXPAqAycnfDnPsF2DZYBGH7rAAMA\/CESpEI9TftlKWJACU3e+TtAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUCDd5eQa4+xNebQ8SJJA4mgXX1Xw="} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626848,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRtAAEARTXLAqAycnfDnPsF2DZYBGAyJAAMA\/CESpEI9TftlKWJACU3e+TxAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUmjsvXCKwESsJBUhkQNrKqeK5XsE="} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626979,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOIpAAEAR0QPAqAycnfDEPsF2DZYBGJUCAAMA\/CESpEI9TftlKWJACU3e+T1AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUB5JO\/KlnIgtwDyIZGyJD72U36pw="} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627131,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOItAAEAR0QLAqAycnfDEPsF2DZYBGPuoAAMA\/CESpEI9TftlKWJACU3e+T5AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUfoSihPG3YBzTpEujhX4y3pFRIJQ="} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627268,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxlAAEARgTbAqAycszzAMMF2DZYBGFP0AAMA\/CESpEI9TftlKWJACU3e+T9AAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUhqeiK6BMauUxm+\/Y2otPN+x\/Trc="} -01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627411,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxpAAEARgTXAqAycszzAMMF2DZYBGONAAAMA\/CESpEI9TftlKWJACU3e+UBAAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUyHPsRBz2TIoTMZ+WvAxhGroaguM="} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627509,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6ZAAEARbqbAqAycuTzYM8F2DZYBGAVtAAMA\/CESpEI9TftlKWJACU3e+UFAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAUkNyfIYYrYkDQ4zmgKorzXUAe8eI="} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627695,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6dAAEARbqXAqAycuTzYM8F2DZYBGKyuAAMA\/CESpEI9TftlKWJACU3e+UJAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAU1fgpuSj5BRZ8oNucqnlM0gIwTBo="} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633882,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4RAAFURM5Wd8Ms+wKgMnA2WwXYATBxlAQMAMCESpEI9TftlKWJACU3e+TkAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUUb\/WTpOkWW3X+FJVIBlYvEA2oDs="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633906,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4VAAFURM5Sd8Ms+wKgMnA2WwXYATMHnAQMAMCESpEI9TftlKWJACU3e+ToAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUDYqarGE3M6w9+UUOpDJLk0B0AtY="} @@ -70,10 +70,10 @@ 02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020791890,"flow_dst_last_pkt_time":1676660020799292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":6812,"midstream":0,"thread_ts_usec":1676660020799292,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":10966.9,"max":25268,"stddev":4978.7,"var":24787812.0,"ent":4.8,"data": [137,8278,24,10101,8060,24512,25268,11561,10122,12790,14381,10560,10576,10583,10464,16311,6103,16248,5886,9963,9713,10612,11320,10716,10523,10812,10574,10236,10724,11289,11527]},"pktlen": {"min":48,"avg":284.5,"max":540,"stddev":217.5,"var":47305.8,"ent":4.6,"data": [300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540]},"bins": {"c_to_s": [1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [6.990001202,7.010884762,5.755636215,5.672302246,5.721662998,1.491354108,5.778674603,1.487650514,5.626501560,1.484854460,5.623420715,1.491354465,5.691719532,1.491354108,5.569489479,1.485344768,5.160700798,5.721662998,5.136841774,1.489048600,5.743401527,1.492752314,5.735196590,1.489956141,5.640035152,1.476539373,5.664651394,1.487650633,5.808619022,1.477447271,5.713458061,1.502465248]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024064221,"pkt":"CL6sCxduJjb1W8R1CABFwABISENAAEAR8RrAqAycClIo8cF2nfQANFuYAAEAGCESpEJVqr9siNtocRyv\/Q8ACAAUchhTvhiAgB6AsW9lN0aBjK2SqVw="} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024118990,"pkt":"CL6sCxduJjb1W8R1CABFwABIQMlAAEARWF\/AqAycXSF2V8F2oJMANCgyAAEAGCESpEJkgPwVvmQKYO\/3pCAACAAUg1CfFRfb1oP8Sp+duu11SA8TZZg="} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024190308,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024190308,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuhAADYRHNhdIXZXwKgMnKCTwXYANMoKAQEAGCESpEJkgPwVvmQKYO\/3pCAACAAU75F70SqUX4Lgp4cEKxEnrcitNiQ="} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024239979,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuxAADYRHNRdIXZXwKgMnKCTwXYANNC\/AAEAGCESpEKLftcLEYCUSZQPnhMACAAUyvIcEMHWqj2hvqdguHUxOVHLVE0="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1676660024243082,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024243082,"pkt":"CL6sCxduJjb1W8R1CABFwABIQNRAAEARWFTAqAycXSF2V8F2oJMANHYOAQEAGCESpEKLftcLEYCUSZQPnhMACAAUURXXOFysTKzVt50fky2JdWR1wBg="} @@ -98,8 +98,8 @@ 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660035302538,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660035302780,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":73,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660035302005,"flow_dst_last_pkt_time":1676660032998729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":500,"flow_dst_max_l4_payload_len":1113,"flow_src_tot_l4_payload_len":10937,"flow_dst_tot_l4_payload_len":37017,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01233{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660034747875,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01239{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024502343,"flow_dst_last_pkt_time":1676660024457689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":834,"flow_src_tot_l4_payload_len":3129,"flow_dst_tot_l4_payload_len":5056,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01241{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660034747875,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01247{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024502343,"flow_dst_last_pkt_time":1676660024457689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":834,"flow_src_tot_l4_payload_len":3129,"flow_dst_tot_l4_payload_len":5056,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660035302856,"flow_dst_last_pkt_time":1676660020649585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660035303048,"flow_dst_last_pkt_time":1676660020646471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659999805645,"flow_dst_last_pkt_time":1676659970555584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} @@ -107,7 +107,7 @@ 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659999805772,"flow_dst_last_pkt_time":1676659970555657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659999805428,"flow_dst_last_pkt_time":1676659970541205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":171,"flow_dst_packets_processed":206,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659999805377,"flow_dst_last_pkt_time":1676659999441975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":21189,"flow_dst_tot_l4_payload_len":21151,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":591,"packets-processed":591,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1676660035303048} +00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":591,"packets-processed":591,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1676660035303048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 591/591 ~~ skipped flows.............: 0 @@ -116,9 +116,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7809668 bytes -~~ total memory freed........: 7809668 bytes -~~ total allocations/frees...: 147094/147094 +~~ total memory allocated....: 11518095 bytes +~~ total memory freed........: 11518095 bytes +~~ total allocations/frees...: 217348/217348 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 575 chars ~~ json string max len.......: 2336 chars |