summaryrefslogtreecommitdiff
path: root/test/results/default/zoom.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/default/zoom.pcap.out')
-rw-r--r--test/results/default/zoom.pcap.out41
1 files changed, 21 insertions, 20 deletions
diff --git a/test/results/default/zoom.pcap.out b/test/results/default/zoom.pcap.out
index 906fa012d..1c861afdf 100644
--- a/test/results/default/zoom.pcap.out
+++ b/test/results/default/zoom.pcap.out
@@ -75,6 +75,7 @@
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469341990,"flow_dst_last_pkt_time":1569520469341987,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1569520469341990,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB\/AABAAEAGdGzAqAF1I7rgNdJwAbu\/4YPj2uaJRIAYEACuSgAAAQEICiWc2ySFp5bjD8rJVgENkhz7SGo+3tsT+62YMYedQzLcJKiig4pAH+hO24ZoiQ1LNK0ZidRBnPFEPrr+zH4y+BGqQ1wCDA9XJFEjegtqGmZzuBXv"}
01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520469341987,"flow_src_last_pkt_time":1569520469341990,"flow_dst_last_pkt_time":1569520469341987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":75,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1443,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520469341990,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469341990,"flow_dst_last_pkt_time":1569520469354376,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520469354376,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA07H8AAHcGkTcjuuA1wKgBdQG70nDa5olEv+GD44AQA\/fBegAAAQEICoWn6LklnNsk"}
+00931{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1569520469341987,"flow_src_last_pkt_time":1569520469341990,"flow_dst_last_pkt_time":1569520469354376,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":75,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1443,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520469354376,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1569520469341990,"flow_dst_last_pkt_time":1569520469354395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520469354395,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA07IAAAHcGkTYjuuA1wKgBdQG70nDa5olEv+GELoAQA\/fBLwAAAQEICoWn6LklnNsk"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469356931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520469356931,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8r3lAADEREA2i\/yUOwKgBdQ2WXV8AKOI\/AAIADMFdrmNYXRQ5LlgsJgQDvzABAwAIAAH\/dVC03O8="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469366274,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520469366274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8r4BAADEREAai\/yUOwKgBdQ2WXV8AKOI\/AAIADMFdrmNYXRQ5LlgsJgQDvzABAwAIAAH\/dVC03O8="}
@@ -120,7 +121,7 @@
01182{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470280367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470280367,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1"}}}
01506{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470280708,"flow_dst_last_pkt_time":1569520470280793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470280793,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}}
00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470350181,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520470350181,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjK4AAAAQEICiWc3wRwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
-01987{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470618561,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520470618561,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":38469.9,"max":210729,"stddev":59394.9,"var":3527759616.0,"ent":3.3,"data": [112386,112530,31116,143960,1761,226,34,114802,166,170,7182,2922,121940,111900,4272,3,116559,98015,494,36,210729,39,183,114,242,129,123,246,127,13,148]},"pktlen": {"min":40,"avg":663.0,"max":1492,"stddev":660.1,"var":435695.1,"ent":4.2,"data": [64,52,40,557,46,1492,1492,1492,40,1292,40,40,231,91,40,731,850,46,1492,1492,1492,40,40,1492,1492,40,1492,1492,40,1492,445,40]},"bins": {"c_to_s": [11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0],"entropies": [4.416232109,4.853979111,4.521928310,4.120527744,4.501398087,7.132670879,7.329687119,7.314774990,4.730641365,7.640571117,4.630640984,4.680641174,6.885639668,5.726258755,4.730641365,7.684801102,7.726203442,4.457919598,7.862352848,7.860615253,7.859583378,4.680641174,4.621928692,7.878399849,7.862105846,4.680641174,7.872378349,7.851402760,4.630641460,7.881779194,7.526136398,4.561769009]}}
+02175{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470618561,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520470618561,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":38469.9,"max":210729,"stddev":59394.9,"var":3527759616.0,"ent":3.3,"data": [112386,112530,31116,143960,1761,226,34,114802,166,170,7182,2922,121940,111900,4272,3,116559,98015,494,36,210729,39,183,114,242,129,123,246,127,13,148]},"pktlen": {"min":40,"avg":663.0,"max":1492,"stddev":660.1,"var":435695.1,"ent":4.2,"data": [64,52,40,557,46,1492,1492,1492,40,1292,40,40,231,91,40,731,850,46,1492,1492,1492,40,40,1492,1492,40,1492,1492,40,1492,445,40]},"bins": {"c_to_s": [11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0],"entropies": [4.416232109,4.853979111,4.521928310,4.120527744,4.501398087,7.132670879,7.329687119,7.314774990,4.730641365,7.640571117,4.630640984,4.680641174,6.885639668,5.726258755,4.730641365,7.684801102,7.726203442,4.457919598,7.862352848,7.860615253,7.859583378,4.680641174,4.621928692,7.878399849,7.862105846,4.680641174,7.872378349,7.851402760,4.630641460,7.881779194,7.526136398,4.561769009]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
01510{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470618561,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520470618561,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520470666966,"flow_src_last_pkt_time":1569520470666966,"flow_dst_last_pkt_time":1569520470666966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470666966,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1569520470666966,"flow_dst_last_pkt_time":1569520470666966,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520470666966,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABI4PAAAEARFPDAqAF1wKgB\/+EV4RUANLyaU3BvdFVkcDAJFTOWktM6lAABAARIlcIDDi3QR5gZLZgtSkZtNr91y8rdz4k="}
@@ -203,7 +204,7 @@
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1569520471915269,"flow_dst_last_pkt_time":1569520471939806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_usec":1569520471939806,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApuqhAADURuzxtXqBjwKgBdSJh7MwAFUSkAwAAAAF2Ko4UAFoOPwAAAAAA"}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1569520471940080,"flow_dst_last_pkt_time":1569520471939806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1569520471940080,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAp\/q0AAEARrDfAqAF1bV6gY+zMImEAFUOkBAAAAAF2Ko4UAFoOPw=="}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1569520471948060,"flow_dst_last_pkt_time":1569520471939806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1569520471948060,"pkt":"EBMx8Tl2KDc3AG3ICABFAABbUt8AAEARV9TAqAF1bV6gY+zMImEAR0iqBQwBIY6cOSjESy+pAnBygi5W9gEABAIBAAAAAAAAAAEAAAAWZGF0YV9iaW5kX3JlcGxhY2VfZmxhZwIAAAAB"}
-02329{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1569520471748648,"flow_src_last_pkt_time":1569520471785584,"flow_dst_last_pkt_time":1569520472033049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":1029,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26845,"midstream":0,"thread_ts_usec":1569520472033049,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":28,"avg":10365.7,"max":35562,"stddev":8525.9,"var":72690992.0,"ent":4.5,"data": [31967,28,32217,4719,35562,13763,10264,10242,9996,63,10130,10327,9979,9966,107,9866,10246,10252,10251,126,10146,9980,10130,10478,32,9954,10261,9714,10315,406,9850]},"pktlen": {"min":41,"avg":872.8,"max":1057,"stddev":383.7,"var":147246.2,"ent":4.8,"data": [135,63,46,41,91,71,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057]},"bins": {"c_to_s": [1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [5.872597694,4.834421635,4.434307098,4.564153194,5.116748810,4.833924294,0.510210812,0.504684150,0.513590038,0.511697888,0.528077245,0.513589978,0.515482187,0.515482187,0.513590038,0.532575667,0.515482187,0.508318722,0.515482187,0.512875855,0.532575667,0.515482187,0.511697948,0.511697888,0.513590038,0.532575667,0.515482187,0.513589978,0.510983646,0.515482187,0.532575667,0.515482187]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+02204{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1569520471748648,"flow_src_last_pkt_time":1569520471785584,"flow_dst_last_pkt_time":1569520472033049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":1029,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26845,"midstream":0,"thread_ts_usec":1569520472033049,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":28,"avg":10365.7,"max":35562,"stddev":8525.9,"var":72690992.0,"ent":4.5,"data": [31967,28,32217,4719,35562,13763,10264,10242,9996,63,10130,10327,9979,9966,107,9866,10246,10252,10251,126,10146,9980,10130,10478,32,9954,10261,9714,10315,406,9850]},"pktlen": {"min":41,"avg":872.8,"max":1057,"stddev":383.7,"var":147246.2,"ent":4.8,"data": [135,63,46,41,91,71,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057]},"bins": {"c_to_s": [1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [5.872597694,4.834421635,4.434307098,4.564153194,5.116748810,4.833924294,0.510210812,0.504684150,0.513590038,0.511697888,0.528077245,0.513589978,0.515482187,0.515482187,0.513590038,0.532575667,0.515482187,0.508318722,0.515482187,0.512875855,0.532575667,0.515482187,0.511697948,0.511697888,0.513590038,0.532575667,0.515482187,0.513589978,0.510983646,0.515482187,0.532575667,0.515482187]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1569520472536483,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520472536483,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjCmAAAAQEICiWc50xwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520473084563,"flow_src_last_pkt_time":1569520473084563,"flow_dst_last_pkt_time":1569520473084563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":109,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473084563,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1569520473084563,"flow_dst_last_pkt_time":1569520473084563,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_usec":1569520473084563,"pkt":"EBMx8Tl2KDc3AG3ICABFAACJ4\/YAAEARxo7AqAF1bV6gY\/EjImEAde5DAQACOkSxT2rBSy0CI5EJ7ghSoQAAAAAAAAACAHoFYgB6BWIAAABAyr1YPP8KZ34wUqB9PR5Zle\/sBvgfAfGBqNzDFPjrnryOYaOvAtAdhsk5Sd978V5OWjrnwByNSAVBXX+sDOwgiv\/\/\/\/8KAA=="}
@@ -212,42 +213,42 @@
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1569520473084563,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_usec":1569520473116083,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApvWFAADURuINtXqBjwKgBdSJh8SMAFalIAwAAAAF2KpKmAFoORAAAAAAA"}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1569520473116331,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1569520473116331,"pkt":"EBMx8Tl2KDc3AG3ICABFAAApU1gAAEARV43AqAF1bV6gY\/EjImEAFahIBAAAAAF2KpKmAFoORA=="}
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1569520473121070,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1569520473121070,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDmwAAEARnEPAqAF1bV6gY\/EjImEAS0M9BQ0AAAAMASGOnDkoxEsvqQJwcoIuVvYBAAQDAgAAAAAAAAABAAAAFmRhdGFfYmluZF9yZXBsYWNlX2ZsYWcCAAAAAQ=="}
-01057{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520469423595,"flow_src_last_pkt_time":1569520469433729,"flow_dst_last_pkt_time":1569520469423595,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00932{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520469423595,"flow_src_last_pkt_time":1569520469433729,"flow_dst_last_pkt_time":1569520469423595,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469036433,"flow_src_last_pkt_time":1569520469036433,"flow_dst_last_pkt_time":1569520469072146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469797670,"flow_src_last_pkt_time":1569520469797670,"flow_dst_last_pkt_time":1569520469797670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469072220,"flow_src_last_pkt_time":1569520469072220,"flow_dst_last_pkt_time":1569520469072220,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469072220,"flow_src_last_pkt_time":1569520469072220,"flow_dst_last_pkt_time":1569520469072220,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01052{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00774{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520471147573,"flow_src_last_pkt_time":1569520471147573,"flow_dst_last_pkt_time":1569520471188152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":54,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","proto_id":"5.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520472536483,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":796,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520472536483,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":796,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1569520468399032,"flow_src_last_pkt_time":1569520468399309,"flow_dst_last_pkt_time":1569520468399032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1569520473084563,"flow_src_last_pkt_time":1569520473170187,"flow_dst_last_pkt_time":1569520473198709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":114,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1569520473084563,"flow_src_last_pkt_time":1569520473170187,"flow_dst_last_pkt_time":1569520473198709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":114,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00958{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469435439,"flow_dst_last_pkt_time":1569520469435372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":110,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469435439,"flow_dst_last_pkt_time":1569520469435372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":110,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469430881,"flow_dst_last_pkt_time":1569520469430777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":758,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1466,"flow_dst_tot_l4_payload_len":5833,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470454378,"flow_dst_last_pkt_time":1569520470449389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1614,"flow_dst_tot_l4_payload_len":15671,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469430881,"flow_dst_last_pkt_time":1569520469430777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":758,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1466,"flow_dst_tot_l4_payload_len":5833,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470454378,"flow_dst_last_pkt_time":1569520470449389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1614,"flow_dst_tot_l4_payload_len":15671,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470628076,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469242043,"flow_dst_last_pkt_time":1569520469399008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
-01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469375868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
-01216{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469274880,"flow_dst_last_pkt_time":1569520469433682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466209429,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469242043,"flow_dst_last_pkt_time":1569520469399008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469375868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469274880,"flow_dst_last_pkt_time":1569520469433682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466209429,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520470666966,"flow_src_last_pkt_time":1569520470666966,"flow_dst_last_pkt_time":1569520470666966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
01229{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520471535462,"flow_dst_last_pkt_time":1569520471572328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":866,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1526,"flow_dst_tot_l4_payload_len":1399,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520470742102,"flow_src_last_pkt_time":1569520470742102,"flow_dst_last_pkt_time":1569520470776015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","proto_id":"5.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520471165736,"flow_dst_last_pkt_time":1569520471166772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":6328,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520471165818,"flow_dst_last_pkt_time":1569520471166785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":6320,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520471165736,"flow_dst_last_pkt_time":1569520471166772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":6328,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520471165818,"flow_dst_last_pkt_time":1569520471166785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":6320,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520468922117,"flow_src_last_pkt_time":1569520468922117,"flow_dst_last_pkt_time":1569520468958056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","proto_id":"5.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":175,"flow_first_seen":1569520471748648,"flow_src_last_pkt_time":1569520473190248,"flow_dst_last_pkt_time":1569520473189996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1029,"flow_dst_max_l4_payload_len":1029,"flow_src_tot_l4_payload_len":7386,"flow_dst_tot_l4_payload_len":177079,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520471156543,"flow_dst_last_pkt_time":1569520471156659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":6322,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00787{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520471159604,"flow_dst_last_pkt_time":1569520471159577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":5902,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":175,"flow_first_seen":1569520471748648,"flow_src_last_pkt_time":1569520473190248,"flow_dst_last_pkt_time":1569520473189996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1029,"flow_dst_max_l4_payload_len":1029,"flow_src_tot_l4_payload_len":7386,"flow_dst_tot_l4_payload_len":177079,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520471156543,"flow_dst_last_pkt_time":1569520471156659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":6322,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+01111{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520471159604,"flow_dst_last_pkt_time":1569520471159577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":5902,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520470741922,"flow_src_last_pkt_time":1569520470741922,"flow_dst_last_pkt_time":1569520470768577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","proto_id":"5.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520467811636,"flow_src_last_pkt_time":1569520471399595,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":94,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1569520471915269,"flow_src_last_pkt_time":1569520473157959,"flow_dst_last_pkt_time":1569520471971540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":91,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+01078{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520467811636,"flow_src_last_pkt_time":1569520471399595,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":94,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
+00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1569520471915269,"flow_src_last_pkt_time":1569520473157959,"flow_dst_last_pkt_time":1569520471971540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":91,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520468207892,"flow_src_last_pkt_time":1569520468207892,"flow_dst_last_pkt_time":1569520468207892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1569520469341987,"flow_src_last_pkt_time":1569520469402528,"flow_dst_last_pkt_time":1569520469413824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1489,"flow_dst_tot_l4_payload_len":4294,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":127,"flow_dst_packets_processed":83,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520473190218,"flow_dst_last_pkt_time":1569520473152463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":45724,"flow_dst_tot_l4_payload_len":12028,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469984408,"flow_src_last_pkt_time":1569520469984408,"flow_dst_last_pkt_time":1569520470021639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","proto_id":"5.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":700,"packets-processed":697,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":250,"global_ts_usec":1569520473198709}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":700,"packets-processed":697,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":25,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":251,"global_ts_usec":1569520473198709}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 700/697
~~ skipped flows.............: 0
Powered by cgit, Themed by Ted Yin.