aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/wa_video.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/default/wa_video.pcap.out')
-rw-r--r--test/results/default/wa_video.pcap.out24
1 files changed, 12 insertions, 12 deletions
diff --git a/test/results/default/wa_video.pcap.out b/test/results/default/wa_video.pcap.out
index e9c3407f5..715c953d8 100644
--- a/test/results/default/wa_video.pcap.out
+++ b/test/results/default/wa_video.pcap.out
@@ -1,5 +1,5 @@
-00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561455764448302}
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561455764448302}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455764448302,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455764448302,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI0kIAAEARIhLAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="}
00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455764448302,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
@@ -48,7 +48,7 @@
01069{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790329,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769823739,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:53046","multimedia_flow_types":"Unknown"}}}
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455770313920,"flow_src_last_pkt_time":1561455770313920,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455770313920,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1561455770313920,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1561455770313920,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClcA8AAAIRlYrAqAIM7\/\/\/+shNB2wAkeqFTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455770313920,"flow_src_last_pkt_time":1561455770313920,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455770313920,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}}
+01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455770313920,"flow_src_last_pkt_time":1561455770313920,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455770313920,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250","domainame":"239.255.255.250","ssdp": {"METHOD":"M-SEARCH","MAN":"\"ssdp:discover\"","MX":"3","ST":": urn:schemas-upnp-org:device:InternetGatewayDevice:1"}}}
01988{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1561455767339689,"flow_src_last_pkt_time":1561455770332620,"flow_dst_last_pkt_time":1561455769794560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1640,"flow_dst_tot_l4_payload_len":5261,"midstream":1,"thread_ts_usec":1561455770332620,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":175735.5,"max":2404473,"stddev":473951.1,"var":224629620736.0,"ent":2.4,"data": [51726,176830,2,0,439642,1227815,753,306057,108901,2404473,241,10,252,9,41,323,133116,635,40681,277,7651,7949,1743,1602,528764,1087,660,696,654,2651,2561]},"pktlen": {"min":52,"avg":268.4,"max":1440,"stddev":335.2,"var":112371.9,"ent":4.2,"data": [600,52,1440,155,508,508,332,189,225,1440,52,52,64,52,52,52,64,228,228,52,52,228,52,404,52,214,212,206,206,206,206,206]},"bins": {"c_to_s": [11,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,1,1,4,0,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0],"entropies": [7.608484745,5.077241421,7.865381718,6.691146851,7.578685284,7.572544098,7.307354450,6.700509548,7.001189232,7.865732670,4.976373672,5.053297043,5.138105392,5.091758728,5.053297043,5.091758728,5.157560349,6.986247063,7.012214661,5.053297043,5.053297043,6.984363556,5.053297043,7.459637642,5.053297043,6.913162708,6.866742134,6.851969242,6.911801815,6.922309875,6.837723732,6.965609550]}}
01064{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1561455767339689,"flow_src_last_pkt_time":1561455770332620,"flow_dst_last_pkt_time":1561455769794560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1640,"flow_dst_tot_l4_payload_len":5261,"midstream":1,"thread_ts_usec":1561455770332620,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1561455770337759,"flow_dst_last_pkt_time":1561455769803703,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455770337759,"pkt":"xiwDYGpkkLkxKPrKCABFAACaSm4AAEAR9\/PAqAIMHw1WMNG4DZYAhm0eAAMAaiESpEIMCJFuDJOtHXjqlFZAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
@@ -84,31 +84,31 @@
00975{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1561455791449786,"flow_dst_last_pkt_time":1561455791449110,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_usec":1561455791449786,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFvmCUAAEARWwjAqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"}
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":751,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455792270282,"flow_src_last_pkt_time":1561455792270282,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455792270282,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1561455792270282,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1561455792270282,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClb\/UAAAIRlaTAqAIM7\/\/\/+v4BB2wAkbTRTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":751,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455792270282,"flow_src_last_pkt_time":1561455792270282,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455792270282,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}}
+01118{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":751,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455792270282,"flow_src_last_pkt_time":1561455792270282,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455792270282,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250","domainame":"239.255.255.250","ssdp": {"METHOD":"M-SEARCH","MAN":"\"ssdp:discover\"","MX":"3","ST":": urn:schemas-upnp-org:device:InternetGatewayDevice:1"}}}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1561455792270460,"flow_dst_last_pkt_time":1561455769813684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455792270460,"pkt":"xiwDYGpkkLkxKPrKCABFAACaNCIAAEAR8gzAqAIMuTzYM9G4DZYAhkjkCAAAaiESpEIMCJFuDJOtHXjqlGBAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1561455792270570,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455792270570,"pkt":"xiwDYGpkkLkxKPrKCABFAACaRxUAAEAREWnAqAIMnfDBMNG4DZYAhnsyCAAAaiESpEIMCJFuDJOtHXjqlGFAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1561455792270694,"flow_dst_last_pkt_time":1561455769817420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455792270694,"pkt":"xiwDYGpkkLkxKPrKCABFAACafQwAAEARxyXAqAIMszzAMNG4DZYAhmblCAAAaiESpEIMCJFuDJOtHXjqlGJAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1561455792270823,"flow_dst_last_pkt_time":1561455769812753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455792270823,"pkt":"xiwDYGpkkLkxKPrKCABFAACa1S0AAEARgELAqAIMnfDEPtG4DZYAhngiCAAAaiESpEIMCJFuDJOtHXjqlGNAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455792273279,"flow_src_last_pkt_time":1561455792273279,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455792273279,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1561455792273279,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1561455792273279,"pkt":"AQBef\/\/6kLkxKPrKCABFAACleZoAAAIRi\/\/AqAIM7\/\/\/+skCB2wAkenQTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455792273279,"flow_src_last_pkt_time":1561455792273279,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455792273279,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}}
+01118{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455792273279,"flow_src_last_pkt_time":1561455792273279,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455792273279,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250","domainame":"239.255.255.250","ssdp": {"METHOD":"M-SEARCH","MAN":"\"ssdp:discover\"","MX":"3","ST":": urn:schemas-upnp-org:device:InternetGatewayDevice:1"}}}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1561455795276739,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1561455795276739,"pkt":"AQBef\/\/6kLkxKPrKCABFAACgOnoAAAIRyyTAqAIM7\/\/\/+skCB2wAjBoITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1561455795277117,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1561455795277117,"pkt":"AQBef\/\/6kLkxKPrKCABFAACg4VAAAAIRJE7AqAIM7\/\/\/+v4BB2wAjOUITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455772049243,"flow_src_last_pkt_time":1561455780246416,"flow_dst_last_pkt_time":1561455772049243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac"}}
00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":347,"flow_dst_packets_processed":146,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455792270349,"flow_dst_last_pkt_time":1561455789410471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1139,"flow_dst_max_l4_payload_len":1053,"flow_src_tot_l4_payload_len":209223,"flow_dst_tot_l4_payload_len":18746,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455791996221,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455792270282,"flow_src_last_pkt_time":1561455795277117,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
+01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455792270282,"flow_src_last_pkt_time":1561455795277117,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}}
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455792270694,"flow_dst_last_pkt_time":1561455769817420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455792270460,"flow_dst_last_pkt_time":1561455769813684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455791449110,"flow_src_last_pkt_time":1561455791449786,"flow_dst_last_pkt_time":1561455791449110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":339,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":67,"flow_first_seen":1561455767339689,"flow_src_last_pkt_time":1561455795283003,"flow_dst_last_pkt_time":1561455795007751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":7336,"midstream":1,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":35,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455784398894,"flow_dst_last_pkt_time":1561455784357701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":1098,"flow_src_tot_l4_payload_len":45824,"flow_dst_tot_l4_payload_len":21351,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1561455770313920,"flow_src_last_pkt_time":1561455779337361,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
+01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1561455770313920,"flow_src_last_pkt_time":1561455779337361,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}}
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455792270823,"flow_dst_last_pkt_time":1561455769812753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455792270570,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455792273279,"flow_src_last_pkt_time":1561455795276739,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":781,"packets-processed":781,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":311775,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":13,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":111,"global_ts_usec":1561455795283003}
+01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455792273279,"flow_src_last_pkt_time":1561455795276739,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250"}}
+00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":781,"packets-processed":781,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":311775,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":13,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":111,"global_ts_usec":1561455795283003}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 781/781
~~ skipped flows.............: 0
@@ -117,9 +117,9 @@
~~ total active/idle flows...: 14/14
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7540994 bytes
-~~ total memory freed........: 7540994 bytes
-~~ total allocations/frees...: 126798/126798
+~~ total memory allocated....: 8478621 bytes
+~~ total memory freed........: 8478621 bytes
+~~ total allocations/frees...: 145672/145672
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 546 chars
~~ json message max len.......: 2441 chars
Powered by cgit, Themed by Ted Yin.