summaryrefslogtreecommitdiff
path: root/test/results/gnutella.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/gnutella.pcap.out')
-rw-r--r--test/results/gnutella.pcap.out462
1 files changed, 231 insertions, 231 deletions
diff --git a/test/results/gnutella.pcap.out b/test/results/gnutella.pcap.out
index 14f5c99ff..dfeaf1929 100644
--- a/test/results/gnutella.pcap.out
+++ b/test/results/gnutella.pcap.out
@@ -16,7 +16,7 @@
00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":10750,"flow_last_seen":10750,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":10750,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12446,"flow_last_seen":12446,"flow_idle_time":200000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":12446,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":12446,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_msec":12446,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAAFWW8sAAIAR3cwAAAAA\/\/\/\/\/wBEAEMBQgLkAQEGAKZ4S30AAAAAAAAAAAAAAAAAAAAAAAAAAAgAJ+blWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDPQcBCAAn5uVZMgQKAAIPDAtNU0VER0VXSU4xMFEOAAAATVNFREdFV0lOMTA8CE1TRlQgNS4wNw4BAwYPHyErLC4vd3n5\/P8="}
-00718{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12446,"flow_last_seen":12446,"flow_idle_time":200000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":12446,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"msedgewin10","fingerprint":"1,3,6,15,31,33,43,44,46,47,119","class_ident":"MSFT 5.0"}}
+00730{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12446,"flow_last_seen":12446,"flow_idle_time":200000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":12446,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"msedgewin10","fingerprint":"1,3,6,15,31,33,43,44,46,47,119,121,249,252","class_ident":"MSFT 5.0"}}
00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12447,"flow_last_seen":12447,"flow_idle_time":200000,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":0,"thread_ts_msec":12447,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":12447,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":12447,"pkt":"CAAn5uVZUlQAEjUCCABFEAJAAAAAAEARYI0KAAICCgACDwBDAEQCLAYSAgEGAKZ4S30AAAAACgACDwoAAg8KAAIEAAAAAAgAJ+blWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATVNFZGdlIC0gV2luMTAucHhlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFAQT\/\/\/8AAwQKAAICBgQKAAIDDwNsYW4zBAABUYA2BAoAAgL\/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12447,"flow_last_seen":12447,"flow_idle_time":200000,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":0,"thread_ts_msec":12447,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
@@ -760,51 +760,71 @@
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":89733,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89733,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nYFAAIAGGXcKAAIPSsPs+cRxSH3g2g3bAAAAAIAC+vA0rwAAAgQFtAEDAwgBAQQC"}
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":89829,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89829,"pkt":"UlQAEjUCCAAn5uVZCABFAABtBGAAAIARhQ4KAAIPYEFEwnAJipkAWRiep7MxAim3LsYw33fFcko2zkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":89829,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89829,"pkt":"UlQAEjUCCAAn5uVZCABFAABtYHgAAIARZpQKAAIPtVSyEHAJ62YAWWkRdMAxAjueygYrMQV+6lVI4UQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":89829,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89829,"pkt":"UlQAEjUCCAAn5uVZCABFAABtDeAAAIARAL4KAAIPQh7dtXAJLuwAWQScCKYxAn7wSVwJearIKZuX\/UQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_last_seen":89964,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":89964,"pkt":"CAAn5uVZUlQAEjUCCABFAALzAzsAAEARw61gQUTCCgACD4qZcAkC3\/jzp7MxAim3LsYw33fFcko2zkQAAMACAAAGR1RLRwAAKfRYs\/Fa1CmeYJshGT65b9iJmmUEYEFEwoqZAQAAAARL51cQFEdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="}
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89966,"flow_last_seen":89966,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89966,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":89966,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89966,"pkt":"UlQAEjUCCAAn5uVZCABFAABthPwAAIARBkMKAAIPLVh12nAJGv0AWWOTCPExAoCeF40w0KwTJyzTOUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89966,"flow_last_seen":89966,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89966,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89966,"flow_last_seen":89966,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89966,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":89966,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89966,"pkt":"UlQAEjUCCAAn5uVZCABFAABteN4AAIAR6HgKAAIPM0SZ1nAJZo0AWRfF0U0xAgQATbK3Z+3BHrxn1kQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89966,"flow_last_seen":89966,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89966,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89967,"flow_last_seen":89967,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89967,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":89967,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89967,"pkt":"UlQAEjUCCAAn5uVZCABFAABtv\/sAAIAR2k0KAAIPucvaXHAJ3oIAWehILgsxAjPZohvFNPL\/fzMDzUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":792,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89967,"flow_last_seen":89967,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89967,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01405{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_last_seen":90003,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90003,"pkt":"CAAn5uVZUlQAEjUCCABFAALzAzwAAEARm5UzRJnWCgACD2aNcAkC356C0U0xAgQATbK3Z+3BHrxn1kQAAMACAAAGR1RLRwAAP8uu0MEeyu8HazDjgCpjZAKtBhAEM0SZ1maNAQAAAAT9K4fbFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90004,"flow_last_seen":90004,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90004,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":90004,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90004,"pkt":"UlQAEjUCCAAn5uVZCABFAABtaUEAAIARBHsKAAIPSIx4KXAJunsAWfVM+10xAo9f69NRsDNb4\/pKE0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90004,"flow_last_seen":90004,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90004,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90005,"flow_last_seen":90005,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":90005,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90005,"pkt":"UlQAEjUCCAAn5uVZCABFAABtgogAAIAR60AKAAIPwSX\/gnAJ8LAAWXkqrf0xAupVi8ylWZxhuwdOwkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90005,"flow_last_seen":90005,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90005,"flow_last_seen":90005,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":90005,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90005,"pkt":"UlQAEjUCCAAn5uVZCABFAABt+\/sAAIARkCYKAAIPWHhJ13AJX\/IAWfWM7VYxAm\/Ch\/PFy9OUV6XMR0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90005,"flow_last_seen":90005,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":2,"flow_last_seen":90038,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90038,"pkt":"CAAn5uVZUlQAEjUCCABFAALzAz0AAEARxl9YeEnXCgACD1\/ycAkC3xJi7VYxAm\/Ch\/PFy9OUV6XMR0QAAMACAAAGR1RLRwAADJe19wd9tDyoR\/wXh6nJoKWkNEIEWHhJ11\/yAQAAAATxtX5bFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqkdUS0cAABK1XVsEZ16ugW6JpsS4xfhpSq81BEjJ0DmW2Q=="}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":798,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":90039,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90039,"pkt":"UlQAEjUCCAAn5uVZCABFAABt7XgAAIAREsUKAAIPUD3d9nAJd3EAWbzbp0UxAokhPuR+ZJu6wwLrOkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":798,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":799,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":90039,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90039,"pkt":"UlQAEjUCCAAn5uVZCABFAABtEcIAAIARHzsKAAIPYPacfnAJxHkAWRCy7dwxAiOKI2B1HBL1\/IoOJUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":799,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":800,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":90039,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90039,"pkt":"UlQAEjUCCAAn5uVZCABFAABtsx4AAIARLMMKAAIPUrX72nAJjhAAWVPSkYYxArzIs2GmVy70sFjiYEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":2,"flow_last_seen":90071,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90071,"pkt":"CAAn5uVZUlQAEjUCCABFAALzAz4AAEAROnpQPd32CgACD3dxcAkC3wb\/p0UxAokhPuR+ZJu6wwLrOkQAAMACAAAGR1RLRwAADWk0EbJTji7xq2N2EERly+h8FzIEUD3d9ndxAQAAAATOg6hoFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="}
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":802,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90072,"flow_last_seen":90072,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90072,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":90072,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90072,"pkt":"UlQAEjUCCAAn5uVZCABFAABthFwAAIARuZsKAAIPGBrYX3AJNkEAWZh4MEMxAu0STIEN6nLhhZZqvEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":802,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90072,"flow_last_seen":90072,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90072,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90072,"flow_last_seen":90072,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90072,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":90072,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90072,"pkt":"UlQAEjUCCAAn5uVZCABFAABt0UkAAIARidsKAAIPZ+hrZHAJqfQAWVSlBkIxAi75axRUS7XsWs\/C60QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90072,"flow_last_seen":90072,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90072,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":804,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90073,"flow_last_seen":90073,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90073,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":90073,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90073,"pkt":"UlQAEjUCCAAn5uVZCABFAABtDzkAAIARfk0KAAIPLoBya3AJGbIAWQrBwagxArEYlVcnjAyV6XOvHEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":804,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90073,"flow_last_seen":90073,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90073,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":2,"flow_last_seen":90132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90132,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0EAAEARqALBJf+CCgACD\/CwcAkC35hMrf0xAupVi8ylWZxhuwdOwkQAAMACAAAGR1RLRwAAC5wNVaWmIUX476YAPO2IwX6VsyAEwSX\/gvCwAQAAAASWmcaYFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="}
01406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":2,"flow_last_seen":90137,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90137,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0IAAEARx74ugHJrCgACDxmycAkC32FSwagxArEYlVcnjAyV6XOvHEQAAMACAAAGR1RLRwAAGIXhRHN5ftV2L3caNPMmmEQDSzUELoByaxmyAQAAAARlWXO2FEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":90138,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90138,"pkt":"UlQAEjUCCAAn5uVZCABFAABtxUwAAIAR+3EKAAIPPPEwwnAJUzUAWWdCqc0xAhWpgpzJQk2EqzRt70QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":90138,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90138,"pkt":"UlQAEjUCCAAn5uVZCABFAABtRC0AAIARXOYKAAIPWUs0E3AJs7oAWZEdEsYxApinpNiOVYwKMx8qLUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":90138,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90138,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTM8AAIAR3pQKAAIPUtmwNHAJHRYAWfrhGukxApDm6ECPcKUTk+0ioUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":90182,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90182,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0MAAEAR20pZSzQTCgACD7O6cAkC35hjEsYxApinpNiOVYwKMx8qLUQAAMACAAAGR1RLRwAAGcOxs9Yotu5YI3ngDJa2NEz7hxIEWUs0E7O6AQAAAAQphpmTFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjVdTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNVdTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqkdUS0cAABZMZh8YJqCRZ8rsFWpJujOrF1VMBFHNWy2cyQ=="}
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90183,"flow_last_seen":90183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":90183,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90183,"pkt":"UlQAEjUCCAAn5uVZCABFAABtGYoAAIAR6JkKAAIPXwrNQ3AJLVMAWdsMrwExAn9FQ02TKgtsdnbe2UQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90183,"flow_last_seen":90183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90184,"flow_last_seen":90184,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90184,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":90184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90184,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTH0AAIARTyMKAAIPy9zG9HAJBKoAWeojZPExAoo7ciOaCRHkTxe8NEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90184,"flow_last_seen":90184,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90184,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_last_seen":90267,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90267,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0QAAEARAUO1VLIQCgACD+tmcAkC3zlLdMAxAjueygYrMQV+6lVI4UQAAMACAAAGR1RLRwAAKnLYr\/aGTLaMbt4HEbnkS5LKRh0EtVSyEOtmAQAAAAQDkoiwFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjVdTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqkdUS0cAAGqU5DC0wpx7Tt\/+AtuQJkODlGIrBC\/cuoxr+UdUS0cAAGSQPhJYYczqO9fA1uqwCWebPjcpBMEgftbozEdUS0cAAGfwY9tAxh1AXF0ZU2EOIfqDQ08tBHbwRccYzA=="}
01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":2,"flow_last_seen":90386,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90386,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0UAAEARlVpn6GtkCgACD6n0cAkC312iBkIxAi75axRUS7XsWs\/C60QAAMACAAAGR1RLRwAABkx5M4bYu4J4fOkW\/7Sl8nWo53gEZ+hrZKn0AQAAAASAlqYNFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="}
01406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":90452,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90452,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0YAAEAR+vI88TDCCgACD1M1cAkC31EXqc0xAhWpgpzJQk2EqzRt70QAAMACAAAGR1RLRwAAGN\/m\/5SuT3RX9Y8zGKdBIhyITj8EPPEwwlM1AQAAAASjKCcfFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="}
@@ -918,7 +938,7 @@
00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":911,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90743,"flow_last_seen":90785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":50301,"dst_port":54130,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":2,"flow_last_seen":90787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90787,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA2cAAEAGHo9QB\/zACgACDxroxIoAs7ABAD7ueWAS\/\/\/AYAAAAgQFtA=="}
00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":3,"flow_last_seen":90787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90787,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoIw9AAIAGfuoKAAIPUAf8wMSKGugAPu55ALOwAlAQ+vDdLAAA"}
-01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":920,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":90787,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01138{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":920,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":90787,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":2,"flow_last_seen":90795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90795,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA24AAEAGymQugHJrCgACDxmyxHoAtKoBziHWF2AS\/\/++AAAAAgQFtA=="}
00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":3,"flow_last_seen":90796,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90796,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoDztAAIAGPpsKAAIPLoBya8R6GbLOIdYXALSqAlAQ+vDazAAA"}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":2,"flow_last_seen":90799,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90799,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA3IAAEAGvK6khAoZCgACD9gGxJIAtaQBToGf\/mAS\/\/+tmgAAAgQFtA=="}
@@ -936,7 +956,7 @@
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90845,"flow_last_seen":90845,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":90845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":11852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_last_seen":90845,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":90845,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4c0wAAIARymUKAAIPvD00t3AJLkwAJK1JGu4xAkJx0f\/\/24\/JSJ6wAwABAAUAAADDglFLQA=="}
00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1005,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90740,"flow_last_seen":90850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90850,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
-01580{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1011,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90746,"flow_last_seen":90857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1724,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":90857,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=gtk-gnutella\/1.2.1","subjectDN":"CN=gtk-gnutella\/1.2.1","fingerprint":"E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93"}}
+01553{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1011,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90746,"flow_last_seen":90857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1724,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":90857,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=gtk-gnutella\/1.2.1","subjectDN":"CN=gtk-gnutella\/1.2.1","fingerprint":"E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93"}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":2,"flow_last_seen":90857,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":90857,"pkt":"CAAn5uVZUlQAEjUCCABFAAB0A6AAAEAReda8PTS3CgACDy5McAkAYD84Gu4xAkJx0f\/\/24\/JSJ6wAwEBAEEAAABMLrw9NLcAAAAACAAAAMMCVkNFR1RLR1cDR1VFQQICVVBDAgEHAkRVQ4BRAQNUTFNAA0RIVEMAAAGCUUtE7kD0pA=="}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1026,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90864,"flow_last_seen":90864,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":90864,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_last_seen":90864,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":90864,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4OIoAAIAR8bMKAAIPubtKrXAJ0PEAJMQW\/3wxAm1gREr\/fw\/7dxmzAwABAAUAAADDglFLQA=="}
@@ -970,7 +990,7 @@
00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1093,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":91058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91058,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":50311,"dst_port":49956,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":3,"flow_last_seen":91058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91058,"pkt":"UlQAEjUCCAAn5uVZCABFAAAouGtAAIAGyBQKAAIP3O6RUsSCgvcQKi\/UAMBiAlAQ+vBQWQAA"}
00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":91058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91058,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
-00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1098,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90742,"flow_last_seen":91059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91059,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1098,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90742,"flow_last_seen":91059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91059,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":2,"flow_last_seen":91062,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91062,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8wAAEAG\/T488TDCCgACD1M1xIUAwVwBVNBhD2AS\/\/\/z9wAAAgQFtA=="}
00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":3,"flow_last_seen":91062,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91062,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoxU5AAIAGu78KAAIPPPEwwsSFUzVU0GEPAMFcAlAQ+vAQxAAA"}
00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1102,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":91062,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":91062,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":50309,"dst_port":21301,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
@@ -1002,14 +1022,18 @@
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":3,"flow_last_seen":94638,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":94638,"pkt":"UlQAEjUCCAAn5uVZCABFAAA03z1AAIAGuFYKAAIPRK4Sc8RixfcTIeyiAAAAAIAC+vCG0QAAAgQFtAEDAwgBAQQC"}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1222,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95216,"flow_last_seen":95216,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95216,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":95216,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95216,"pkt":"UlQAEjUCCAAn5uVZCABFAABtOX8AAIAR2+8KAAIPSMnQOXAJltkAWSBpTGIxAqnQz8i8hdkTM6c6p0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1222,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95216,"flow_last_seen":95216,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95216,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1223,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95264,"flow_last_seen":95264,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_last_seen":95264,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95264,"pkt":"UlQAEjUCCAAn5uVZCABFAABteh0AAIARB1oKAAIPUc1bLXAJnMkAWTuNUisxAvjRH\/hajsQp0x+4CkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1223,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95264,"flow_last_seen":95264,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1224,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95264,"flow_last_seen":95264,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_last_seen":95264,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95264,"pkt":"UlQAEjUCCAAn5uVZCABFAABtBMUAAIARP0QKAAIPL9y6jHAJa\/kAWcmWUFgxAsm+7Dhb\/+NPw\/hwmEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95264,"flow_last_seen":95264,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":2,"flow_last_seen":95411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95411,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBAUAAEARfX4v3LqMCgACD2v5cAkC33tEUFgxAsm+7Dhb\/+NPw\/hwmEQAAMACAAAGR1RLRwAAapTkMLTCnHtO3\/4C25AmQ4OUYisEL9y6jGv5AQAAAAR8wXsRFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtUw=="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":3,"flow_last_seen":95412,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95412,"pkt":"UlQAEjUCCAAn5uVZCABFAABtYpsAAIARi98KAAIPwSB+1nAJ6MwAWeiNeJExAmLu0Xk4X2RsSVj1uUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1228,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95443,"flow_last_seen":95443,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95443,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1228,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_last_seen":95443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95443,"pkt":"UlQAEjUCCAAn5uVZCABFAABtP0UAAIARMnUKAAIPdvBFx3AJGMwAWTV1zcQxAjBRcglTz+ngOj6nIkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1228,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95443,"flow_last_seen":95443,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95443,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0sx9AAIAG7QUKAAIPUrX72sRljhBQLtKuAAAAAIAC+vCkLQAAAgQFtAEDAwgBAQQC"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vENAAIAGZKwKAAIPcfxbycRnEMmMdJG3AAAAAIAC+vCm7gAAAgQFtAEDAwgBAQQC"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA04CVAAIAGre0KAAIPJOc7u8Rm8xqBNdLHAAAAAIAC+vD77wAAAgQFtAEDAwgBAQQC"}
@@ -1019,47 +1043,64 @@
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":3,"flow_last_seen":95685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95685,"pkt":"UlQAEjUCCAAn5uVZCABFAABtBMYAAIARP0MKAAIPL9y6jHAJa\/kAWT8LpTgxAh8vpCECmjOT1kHZjEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95715,"flow_last_seen":95715,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95715,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":95715,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95715,"pkt":"UlQAEjUCCAAn5uVZCABFAABtSkUAAIARukUKAAIPbYS8YnAJ9YMAWQnlOt4xAkt+phdWa3WZX\/1iLEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1239,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95715,"flow_last_seen":95715,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95715,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95716,"flow_last_seen":95716,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95716,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":95716,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95716,"pkt":"UlQAEjUCCAAn5uVZCABFAABtyVMAAIARg0EKAAIPGKfJNXAJuLIAWdvQozIxAmeG11K2Zk+mg8cBskQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1240,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95716,"flow_last_seen":95716,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95716,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1241,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95716,"flow_last_seen":95716,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95716,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_last_seen":95716,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95716,"pkt":"UlQAEjUCCAAn5uVZCABFAABtGLgAAIARtUEKAAIPsGOwFHAJGMoAWdWFw\/gxApkT0lWtd136yOWRcEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95716,"flow_last_seen":95716,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95716,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01405{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":2,"flow_last_seen":95753,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95753,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBAoAAEARPftthLxiCgACD\/WDcAkC3zUCOt4xAkt+phdWa3WZX\/1iLEQAAMACAAAGR1RLRwAA4JsjIdkeuStic2CcxenuP1eRs7wEbYS8YvWDAQAAAATOKYIxFFdTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":3,"flow_last_seen":95754,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95754,"pkt":"UlQAEjUCCAAn5uVZCABFAABtBlcAAIAREjIKAAIPaO6s+nAJW\/wAWVUmk6UxAqo+0NIYX4FTPMU3uEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1244,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95754,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_last_seen":95754,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95754,"pkt":"UlQAEjUCCAAn5uVZCABFAABt5WoAAIARNr4KAAIPR+3KW3AJPvUAWTG5sdMxAjDioXa7maFRwy28tUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95754,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1245,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95754,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_last_seen":95754,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95754,"pkt":"UlQAEjUCCAAn5uVZCABFAABtX54AAIARHeoKAAIPXNlUEHAJTv8AWaUwJBUxAlN7nQQgyNq1K1wDakQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1245,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95754,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":2,"flow_last_seen":95773,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95773,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBAsAAEARB2mwY7AUCgACDxjKcAkC343Vw\/gxApkT0lWtd136yOWRcEQAAMACAAAGR1RLRwAA8snLCFuSuhsM38lDoCe4Q7IZIaMEsGOwFBjKAQAAAARm60BZFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="}
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_last_seen":95784,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95784,"pkt":"UlQAEjUCCAAn5uVZCABFAABtMiYAAIARW8MKAAIPXjZCUnAJ+JUAWU8lLkYxAuq77b+oti7DkMaMrEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":95784,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95784,"pkt":"UlQAEjUCCAAn5uVZCABFAABtkeMAAIARbpoKAAIPYOzNB3AJh+oAWd3xqy0xAvOz2v7bFV7JjaoOuEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":95784,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95784,"pkt":"UlQAEjUCCAAn5uVZCABFAABtcekAAIARV2IKAAIPrbe3bnAJ6hAAWRURh5oxAjZAPvXTOccHXf+KmUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":2,"flow_last_seen":95818,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95818,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBA0AAEARtvVc2VQQCgACD07\/cAkC3\/0wJBUxAlN7nQQgyNq1K1wDakQAAMACAAAGR1RLRwAA9cCVEE\/2P06nFdVsmWWAWjUBRZwEXNlUEE7\/AQAAAATtCo4VFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="}
01403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":2,"flow_last_seen":95892,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95892,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBA8AAEAROelg7M0HCgACD4fqcAkC3\/BRqy0xAvOz2v7bFV7JjaoOuEQAAMACAAAGR1RLRwAA+Ts9p8WeGiSZuDZKSPQI3121aXEEYOzNB4fqAQAAAASVRD4TFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo4w=="}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1254,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_last_seen":95893,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95893,"pkt":"UlQAEjUCCAAn5uVZCABFAABtptYAAIAR2P0KAAIPpIQKGXAJ2AYAWVxSIsUxAlnYy6KYCQUz3Ng+pkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1254,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1255,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_last_seen":95893,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95893,"pkt":"UlQAEjUCCAAn5uVZCABFAABtLrQAAIARfUcKAAIPuezIiXAJvA4AWfki1SYxAiU091nTuxkeneMv2EQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1255,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1256,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_last_seen":95893,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95893,"pkt":"UlQAEjUCCAAn5uVZCABFAABtxQIAAIAR4QoKAAIPvKXLvnAJVesAWQc1IDExAvwLw9eirMeJjOQnPkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1256,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":2,"flow_last_seen":95918,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95918,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBBEAAEAR33a8pcu+CgACD1XrcAkC37R2IDExAvwLw9eirMeJjOQnPkQAAMACAAAGR1RLRwAA0WC9XX1Cv4OMIP5Uj2dxFVfelx8EvKXLvlXrAQAAAAT+NOnnFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DldTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1259,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":95923,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95923,"pkt":"UlQAEjUCCAAn5uVZCABFAABtLi4AAIARXRAKAAIPLVh123AJGv0AWeqxHFUxAta++c2ylLcKBb\/ez0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1259,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1260,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":95923,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95923,"pkt":"UlQAEjUCCAAn5uVZCABFAABtEcQAAIARHzkKAAIPYPacfnAJ2wYAWfibSFoxAjjwuKgFGYZC9XxYD0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1260,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_last_seen":95923,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95923,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTeMAAIAR4qYKAAIPSfqz7XAJUXAAWYypWMIxAuib5nRI0KcHRTGrFEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1261,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":2,"flow_last_seen":95941,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95941,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBBIAAEARuTykhAoZCgACD9gGcAkC39H3IsUxAlnYy6KYCQUz3Ng+pkQAAMACAAAGR1RLRwAAwkI+xsLIWLYQq6EiNHwU7EsyAwwEpIQKGdgGAQAAAAQMPEZKFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="}
01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":2,"flow_last_seen":95956,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95956,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBBMAAEARArOtt7duCgACD+oQcAkC3zGfh5oxAjZAPvXTOccHXf+KmUQAAMACAAAGR1RLRwAA\/YvF6OaM0g0Esl9zeFHFBmeEb50Erbe3buoQAQAAAASYSwA1FEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo4w=="}
01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":2,"flow_last_seen":96048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":96048,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBBQAAEARafBJ+rPtCgACD1FwcAkC30eYWMIxAuib5nRI0KcHRTGrFEQAAMACAAAGR1RLRwAA1jyfIL1wKx4dMkSe+\/yFksXUYD4ESfqz7VFwAQAAAASK6DCmFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1265,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_last_seen":96049,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":96049,"pkt":"UlQAEjUCCAAn5uVZCABFAABtwDYAAIARi2oKAAIPU6CPMHAJkKwAWa9gWsoxAsGbN6aupxEpyf\/jN0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1265,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1266,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_last_seen":96049,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":96049,"pkt":"UlQAEjUCCAAn5uVZCABFAABtFDIAAIARzrMKAAIPZAHninAJ3O4AWZFZFoUxAuK7tbNnNS+8oB5EGUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_last_seen":96049,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":96049,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTdQAAIARVqAKAAIPVBw14XAJrzsAWZ3TvxoxApctlOGi4VjuIFMFmUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":3,"flow_last_seen":96404,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":96404,"pkt":"UlQAEjUCCAAn5uVZCABFAAA8c1IAAIARylsKAAIPvD00t3AJLkwAKChuYiUKBgACAwMAAAAAAAAAADEBAAkAAABHVEtHCQABAAA="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_last_seen":96685,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":96685,"pkt":"UlQAEjUCCAAn5uVZCABFAAA068VAAIAGCcsKAAIPXoaansRp03KjrVDkAAAAAIAC+vDifQAAAgQFtAEDAwgBAQQC"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1278,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":3,"flow_last_seen":96685,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":96685,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IMxAAIAG1hsKAAIPY8eUBsRoEPJVbcPeAAAAAIAC+vCBnAAAAgQFtAEDAwgBAQQC"}
@@ -1077,13 +1118,17 @@
01405{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":2,"flow_last_seen":100920,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":100920,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBEAAAEARxyNeNkJSCgACD\/iVcAkC34d4LkYxAuq77b+oti7DkMaMrEQAAMACAAAGR1RLRwAA+wNHJRwgXbAuWugSpAUSxJsCHL8EXjZCUviVAQAAAAR+IhyrFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="}
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_last_seen":101122,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101122,"pkt":"UlQAEjUCCAAn5uVZCABFAABt2AwAAIARIW0KAAIPy9xpG3AJSzwAWVR20YMxAsOjfW6uj7unlpr730QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":101122,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101122,"pkt":"UlQAEjUCCAAn5uVZCABFAABt42oAAIAR9S4KAAIPXHX5YnAJGp8AWRo4clsxAgMe5rjiFfxxH3X\/E0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1452,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":101122,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101122,"pkt":"UlQAEjUCCAAn5uVZCABFAABt9MQAAIARu2EKAAIPUkAsC3AJBUgAWavKICYxAiIojdyDEATTYjr6S0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1452,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01405{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":2,"flow_last_seen":101161,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":101161,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBIEAAEAR6R9SQCwLCgACDwVIcAkC356IICYxAiIojdyDEATTYjr6S0QAAMACAAAGR1RLRwAAs3LU9XX2K5mbs3OMTMwDrBQ47bYEUkAsCwVIAQAAAASFeL+FFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIanw=="}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101162,"flow_last_seen":101162,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101162,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_last_seen":101162,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101162,"pkt":"UlQAEjUCCAAn5uVZCABFAABte4oAAIAR7VcKAAIPLR+YcHAJaOMAWVACTGsxArv8OnSqKZfgjqpR7EQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101162,"flow_last_seen":101162,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101162,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":3,"flow_last_seen":101163,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101163,"pkt":"UlQAEjUCCAAn5uVZCABFAABtYHkAAIARZpMKAAIPtVSyEHAJ62YAWXddengxAvwV4+vWhWE2kdf1ukQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":3,"flow_last_seen":101259,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101259,"pkt":"UlQAEjUCCAAn5uVZCABFAABtBGcAAIARhQcKAAIPYEFEwnAJipkAWaF8mwwxArcB6GYWxEVcLYtOuEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":3,"flow_last_seen":101259,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101259,"pkt":"UlQAEjUCCAAn5uVZCABFAABteOQAAIAR6HIKAAIPM0SZ1nAJZo0AWYTH3zwxAjTRxsrRaTsZKs8ZWEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
@@ -1091,6 +1136,7 @@
01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":2,"flow_last_seen":101305,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":101305,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBIUAAEARodctH5hwCgACD2jjcAkC3267TGsxArv8OnSqKZfgjqpR7EQAAMACAAAGR1RLRwAAsVtn4eBIiuGjRFoZE1N3WpOAxkUELR+YcGjjAQAAAAQ+cByLFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO0dUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="}
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1479,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101837,"flow_last_seen":101837,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101837,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_last_seen":101837,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101837,"pkt":"UlQAEjUCCAAn5uVZCABFAABtAsIAAIAR5ekKAAIP1eVv4HAJEwwAWTJ5PKcxAijtzcGdOPipHVZyGEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1479,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101837,"flow_last_seen":101837,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101837,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1538,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":3,"flow_last_seen":106200,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":106200,"pkt":"UlQAEjUCCAAn5uVZCABFAABtgo8AAIAR6zkKAAIPwSX\/gnAJ8LAAWcdbqxExAsF5aprYo0LmkOznoEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":3,"flow_last_seen":106200,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":106200,"pkt":"UlQAEjUCCAAn5uVZCABFAABt7XkAAIAREsQKAAIPUD3d9nAJd3EAWRpRkUIxAvIfqgvF6WkSbnxZFUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_last_seen":106314,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":106314,"pkt":"UlQAEjUCCAAn5uVZCABFAABtDeEAAIARAL0KAAIPQh7dtXAJLuwAWUvy0dkxAnflHs8XZg0HoKrR0EQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
@@ -1124,6 +1170,7 @@
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1982,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_last_seen":115702,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":115702,"pkt":"CAAn5uVZUlQAEjUCCABFAABKBegAAEARWf8OyP\/lCgACD5DCcAkANl\/hLGAxAs8iaaH\/Df9W3JltAwEBABcAAADCkA7I\/+WyNgAAAAAgAMOCUUtEGERIlw=="}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":116628,"flow_last_seen":116628,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":116628,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":116628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":116628,"pkt":"UlQAEjUCCAAn5uVZCABFAABtIxgAAIARvpEKAAIPUAf8wHAJGugAWSw6p+kxAjYZLonacBdkV9ywAUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":116628,"flow_last_seen":116628,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":116628,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":2,"flow_last_seen":116679,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":116679,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBfMAAEARGTFQB\/zACgACDxrocAkC3\/Iip+kxAjYZLonacBdkV9ywAUQAAMACAAAGR1RLRwAAZxkkdSip9v6JKj37UBrDicBfjMAEUAf8wBroAQAAAASysOQuFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtUw=="}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":3,"flow_last_seen":116776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":116776,"pkt":"UlQAEjUCCAAn5uVZCABFAABte4sAAIAR7VYKAAIPLR+YcHAJaOMAWSdx+0cxAtvllYjgRR1H\/sPbPUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2005,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":3,"flow_last_seen":116859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":116859,"pkt":"UlQAEjUCCAAn5uVZCABFAABt9MUAAIARu2AKAAIPUkAsC3AJBUgAWR\/CHmUxAhaifRIPh7YCtQDKL0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
@@ -1135,22 +1182,30 @@
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2111,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":3,"flow_last_seen":123877,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":123877,"pkt":"UlQAEjUCCAAn5uVZCABFAABtptcAAIAR2PwKAAIPpIQKGXAJ2AYAWdpE9ZMxAnuYArMNMRKsJogRPUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2113,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2113,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_last_seen":123912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":123912,"pkt":"UlQAEjUCCAAn5uVZCABFAABtUhMAAIARg2YKAAIPGHRAhHAJyBsAWUp2fKAxAtxaLOqCcitFlOv4V0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2113,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2114,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2114,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_last_seen":123912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":123912,"pkt":"UlQAEjUCCAAn5uVZCABFAABt60MAAIARl6IKAAIP3cbNxHAJUSoAWRoYg28xAvjrsUFUSfHbBKidMkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2114,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2115,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2115,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_last_seen":123912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":123912,"pkt":"UlQAEjUCCAAn5uVZCABFAABtoEYAAIAR\/8UKAAIPV3s26nAJ03IAWfTcKgkxAlGmPJUzLkH07Ma7h0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2115,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2118,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":2,"flow_last_seen":124065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":124065,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBkcAAEARuhndxs3ECgACD1EqcAkC3zKOg28xAvjrsUFUSfHbBKidMkQAAMACAAAGR1RLRwAAhAWx\/4G\/aeOxkw5wrlcHOTlCresE3cbNxFEqAQAAAAT9knizFEdUS0cAAIPPdMtTw3ywAQrcKHskULaFt8T9BFd7NurTckdUS0cAAIBDDfCNVDqFgBWTNBe\/R1a2V7AXBLm7Sq3Q8UdUS0cAAI1c\/QX9I39S2eczHf8bGxQqBh3SBCaOd+rCRFdTSFIAAIsML3baZ9qjEzov01XuwUWPp8CvBBiB6TxOFldTSFIAAIgInuBYn2DWNYTpgSOhE3nGOSSqBGLQGpoTgldTSFIAAJMpLUy99S6l5+o3G\/7HZbY0zUPGBFnUW5sUS1NOT1cAAJJLJdecP9uDvZhuUeP7MwcedtuWBM8mo+QaekdUS0cAAJ6Xxzbx1oA8a67zMFTEYzHds+ukBEziVWkYyldTSFIAAJ7Bez1ZQQgPxovuLAykgS8CMrDdBLAKqQox\/0dUS0cAAJp\/6ofTpH0Z7c9sfONgy\/6jjg5ZBFTFYV4FUFdTSFIAAJgFqYyWS9v2Yq4KyYrmzTVJWc5SBGP6\/WMuK0dUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO0dUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAALd6AZ7svQKtiRxAHRTzpxSemu\/LBNXlb+ATDEdUS0cAALSr6ArQaneMzMJ81PWuqjO12gqLBLV2NdR1LkdUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo40dUS0cAAL1cZVAaZZhJTOPlkpw6jfT8aYRtBD\/kr6kHkA=="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2119,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":3,"flow_last_seen":124065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124065,"pkt":"UlQAEjUCCAAn5uVZCABFAABtOI8AAIAR8XkKAAIPubtKrXAJ0PEAWeogCGsxAoAKiW4WeGL5TjmTYEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2120,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2120,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_last_seen":124066,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124066,"pkt":"UlQAEjUCCAAn5uVZCABFAABtpB8AAIAR69kKAAIPJo536nAJwkQAWcjqSEIxAiBrw4qXLe42xzCJ9UQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2120,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2121,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2121,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":124066,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124066,"pkt":"UlQAEjUCCAAn5uVZCABFAABtsCgAAIARfIsKAAIPGIHpPHAJThYAWZr\/PMAxAkVlEJdEiTyKQUzsekQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2121,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2123,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2123,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":124090,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124090,"pkt":"UlQAEjUCCAAn5uVZCABFAABtt4sAAIAR+XsKAAIPYtAamnAJE4IAWYPzFGQxAgG2rIRjjgWOdH93UEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2123,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2124,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2124,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_last_seen":124090,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124090,"pkt":"UlQAEjUCCAAn5uVZCABFAABt2TsAAIARn8YKAAIPWdRbm3AJFEsAWd1KrbwxApZ9ZL+wNENsMFG4eUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2124,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":124090,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124090,"pkt":"UlQAEjUCCAAn5uVZCABFAABtN+oAAIARg3wKAAIPzyaj5HAJGnoAWUl8GqIxAsDHb8ARC\/TCVyKtTkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2126,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":2,"flow_last_seen":124181,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":124181,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBkkAAEARxyomjnfqCgACD8JEcAkC3z99SEIxAiBrw4qXLe42xzCJ9UQAAMACAAAGR1RLRwAAjVz9Bf0jf1LZ5zMd\/xsbFCoGHdIEJo536sJEAQAAAAT9X3JyFEdUS0cAAIQFsf+Bv2njsZMOcK5XBzk5Qq3rBN3GzcRRKkdUS0cAAIPPdMtTw3ywAQrcKHskULaFt8T9BFd7NurTckdUS0cAAIBDDfCNVDqFgBWTNBe\/R1a2V7AXBLm7Sq3Q8VdTSFIAAIsML3baZ9qjEzov01XuwUWPp8CvBBiB6TxOFldTSFIAAIgInuBYn2DWNYTpgSOhE3nGOSSqBGLQGpoTgldTSFIAAJMpLUy99S6l5+o3G\/7HZbY0zUPGBFnUW5sUS1NOT1cAAJJLJdecP9uDvZhuUeP7MwcedtuWBM8mo+QaekdUS0cAAJ6Xxzbx1oA8a67zMFTEYzHds+ukBEziVWkYyldTSFIAAJ7Bez1ZQQgPxovuLAykgS8CMrDdBLAKqQox\/0dUS0cAAJp\/6ofTpH0Z7c9sfONgy\/6jjg5ZBFTFYV4FUFdTSFIAAJgFqYyWS9v2Yq4KyYrmzTVJWc5SBGP6\/WMuK0dUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO0dUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAALd6AZ7svQKtiRxAHRTzpxSemu\/LBNXlb+ATDEdUS0cAALSr6ArQaneMzMJ81PWuqjO12gqLBLV2NdR1LkdUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo40dUS0cAAL1cZVAaZZhJTOPlkpw6jfT8aYRtBD\/kr6kHkA=="}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2164,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":126831,"flow_last_seen":126831,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":126831,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2164,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":126831,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":126831,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bCBAAIAGmjkKAAIPRXai5cSatzq0d6IdAAAAAIAC+vCtSgAAAgQFtAEDAwgBAQQC"}
@@ -1159,16 +1214,20 @@
00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2167,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":126831,"flow_last_seen":126944,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":513,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":126944,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2197,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_last_seen":129174,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129174,"pkt":"UlQAEjUCCAAn5uVZCABFAABtuPMAAIAR0zIKAAIPTOJVaXAJGMoAWVtEeBkxArN0R\/zFhR7fMHiNqUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2197,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2198,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2198,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":129174,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129174,"pkt":"UlQAEjUCCAAn5uVZCABFAABt3TUAAIAR+CYKAAIPsAqpCnAJMf8AWSFl+80xAiQL9J1qTYJox\/q2yUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2198,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2199,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2199,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":129174,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129174,"pkt":"UlQAEjUCCAAn5uVZCABFAABttG4AAIARw98KAAIPVMVhXnAJBVAAWURxEsIxAlakBl2ebhXyeemOeEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2199,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00532{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2200,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129210,"flow_last_seen":129210,"flow_idle_time":140000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":129210,"l3_proto":"ip4","src_ip":"84.197.97.94","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2200,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_last_seen":129210,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":129210,"pkt":"CAAn5uVZUlQAEjUCCABFwACJBngAAH8BcgpUxWFeCgACDwMDv5kAAAAARQAAbbRuAAB\/EcTfCgACD1TFYV5wCQVQAFlEcRLCMQJWpAZdnm4V8nnpjnhEAAA6AAAABUdUS0cAACidCo0G3v\/IJjwziXwskXn9hKthBF0v4jVwCQEBAACHpNmcaMjLrgz72SMJ7seAsLgKkg=="}
00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2200,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129210,"flow_last_seen":129210,"flow_idle_time":140000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":129210,"l3_proto":"ip4","src_ip":"84.197.97.94","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.868061}
01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":2,"flow_last_seen":129344,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":129344,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBnkAAEARwydM4lVpCgACDxjKcAkC3ybmeBkxArN0R\/zFhR7fMHiNqUQAAMACAAAGR1RLRwAAnpfHNvHWgDxrrvMwVMRjMd2z66QETOJVaRjKAQAAAAS4IqVOFEdUS0cAAIQFsf+Bv2njsZMOcK5XBzk5Qq3rBN3GzcRRKkdUS0cAAIPPdMtTw3ywAQrcKHskULaFt8T9BFd7NurTckdUS0cAAIBDDfCNVDqFgBWTNBe\/R1a2V7AXBLm7Sq3Q8UdUS0cAAI1c\/QX9I39S2eczHf8bGxQqBh3SBCaOd+rCRFdTSFIAAIsML3baZ9qjEzov01XuwUWPp8CvBBiB6TxOFldTSFIAAIgInuBYn2DWNYTpgSOhE3nGOSSqBGLQGpoTgldTSFIAAJMpLUy99S6l5+o3G\/7HZbY0zUPGBFnUW5sUS1NOT1cAAJJLJdecP9uDvZhuUeP7MwcedtuWBM8mo+QaeldTSFIAAJ7Bez1ZQQgPxovuLAykgS8CMrDdBLAKqQox\/0dUS0cAAJp\/6ofTpH0Z7c9sfONgy\/6jjg5ZBFTFYV4FUFdTSFIAAJgFqYyWS9v2Yq4KyYrmzTVJWc5SBGP6\/WMuK0dUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO0dUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAALSr6ArQaneMzMJ81PWuqjO12gqLBLV2NdR1LkdUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo40dUS0cAAL1cZVAaZZhJTOPlkpw6jfT8aYRtBD\/kr6kHkEdUS0cAALyzuhm5M4uYhLkABGRqZbdy38iOBGIjVe59rQ=="}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129345,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129345,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2202,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_last_seen":129345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129345,"pkt":"UlQAEjUCCAAn5uVZCABFAABtA3wAAIARyZcKAAIPY\/r9Y3AJLisAWcb1VskxAtkesLI2UdbrHnvJmEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2202,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129345,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129345,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2203,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":2,"flow_last_seen":129345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129345,"pkt":"UlQAEjUCCAAn5uVZCABFAABtFDMAAIARzrIKAAIPZAHninAJ3O4AWa5oGAExAiz8sZobXXh7jKY+cEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":2,"flow_last_seen":129345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129345,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTdUAAIARVp8KAAIPVBw14XAJrzsAWRB8uXsxAsNFs8rL71MevwvUD0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":10750,"flow_last_seen":10750,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":130927,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
@@ -1224,13 +1283,17 @@
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2310,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":2,"flow_last_seen":134428,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":134428,"pkt":"UlQAEjUCCAAn5uVZCABFAABtAsMAAIAR5egKAAIP1eVv4HAJEwwAWfhP39IxAiTPawjpKg8FqMjKpUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2360,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2360,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":139506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139506,"pkt":"UlQAEjUCCAAn5uVZCABFAABtAv8AAIARQCgKAAIPtXY11HAJdS4AWScUhfMxArbJ5SyHh4zpjzvfRkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2360,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2361,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2361,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_last_seen":139506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139506,"pkt":"UlQAEjUCCAAn5uVZCABFAABtYr4AAIAR3CUKAAIPP+SvqXAJB5AAWZrqJBYxAlmizjMkdrKTCQRuaEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2361,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2362,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2362,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_last_seen":139506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139506,"pkt":"UlQAEjUCCAAn5uVZCABFAABtewQAAIAR+1sKAAIPYiNV7nAJfa0AWf9BqZoxAuJR0ARRd\/sw16p3JUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2362,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2372,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":2,"flow_last_seen":139668,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":139668,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBs0AAEARedS1djXUCgACD3UucAkC3zh9hfMxArbJ5SyHh4zpjzvfRkQAAMACAAAGR1RLRwAAtKvoCtBqd4zMwnzU9a6qM7XaCosEtXY11HUuAQAAAARfhHP4FEdUS0cAAIQFsf+Bv2njsZMOcK5XBzk5Qq3rBN3GzcRRKkdUS0cAAIBDDfCNVDqFgBWTNBe\/R1a2V7AXBLm7Sq3Q8UdUS0cAAI1c\/QX9I39S2eczHf8bGxQqBh3SBCaOd+rCRFdTSFIAAIsML3baZ9qjEzov01XuwUWPp8CvBBiB6TxOFldTSFIAAIgInuBYn2DWNYTpgSOhE3nGOSSqBGLQGpoTgldTSFIAAJMpLUy99S6l5+o3G\/7HZbY0zUPGBFnUW5sUS1NOT1cAAJJLJdecP9uDvZhuUeP7MwcedtuWBM8mo+QaekdUS0cAAJ6Xxzbx1oA8a67zMFTEYzHds+ukBEziVWkYyldTSFIAAJ7Bez1ZQQgPxovuLAykgS8CMrDdBLAKqQox\/0dUS0cAAJp\/6ofTpH0Z7c9sfONgy\/6jjg5ZBFTFYV4FUFdTSFIAAJgFqYyWS9v2Yq4KyYrmzTVJWc5SBGP6\/WMuK0dUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO0dUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo40dUS0cAAL1cZVAaZZhJTOPlkpw6jfT8aYRtBD\/kr6kHkEdUS0cAALyzuhm5M4uYhLkABGRqZbdy38iOBGIjVe59rUdUS0cAALrtVGIh6HCMeHje7ytMi7+QCmj9BC\/grq4Yyg=="}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2373,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139669,"flow_last_seen":139669,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139669,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2373,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_last_seen":139669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139669,"pkt":"UlQAEjUCCAAn5uVZCABFAABtmlYAAIARtYwKAAIPL+CurnAJGMoAWfYTyxgxAvXWHJDN+FF7HrIjWEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2373,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139669,"flow_last_seen":139669,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139669,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2374,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":3,"flow_last_seen":139669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139669,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTeQAAIAR4qUKAAIPSfqz7XAJUXAAWTtzDAwxAhYFwQyFnvxYxDh4UUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2375,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":3,"flow_last_seen":139669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139669,"pkt":"UlQAEjUCCAAn5uVZCABFAABtxQMAAIAR4QkKAAIPvKXLvnAJVesAWccLy3UxAr1ooy\/Zmhwx1EOQ8UQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2379,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":3,"flow_last_seen":139695,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139695,"pkt":"UlQAEjUCCAAn5uVZCABFAABtX58AAIARHekKAAIPXNlUEHAJTv8AWRxrcuoxAvEddJz1CNyRxwOe00QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"}
@@ -1260,30 +1323,39 @@
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2725,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":3,"flow_last_seen":168391,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":168391,"pkt":"UlQAEjUCCAAn5uVZCABFAABtAwAAAIARQCcKAAIPtXY11HAJdS4AWVKoRtYxAgh8ZUKNU31EKcU+K0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2727,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168428,"flow_last_seen":168428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168428,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2727,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":168428,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":168428,"pkt":"UlQAEjUCCAAn5uVZCABFAABtVroAAIARN3AKAAIPxjraDHAJuygAWfAoVB4xAiIUq1VNOT5K4PsAnkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2727,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168428,"flow_last_seen":168428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168428,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2732,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168555,"flow_last_seen":168555,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168555,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_last_seen":168555,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":168555,"pkt":"UlQAEjUCCAAn5uVZCABFAABtB2EAAIARDDsKAAIPVoHEVHAJJrsAWdbAQsoxAjcNEhOQ8aGFyag54kQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2732,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168555,"flow_last_seen":168555,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168555,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2733,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":2,"flow_last_seen":168593,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":168593,"pkt":"CAAn5uVZUlQAEjUCCABFAALzB7wAAEARSVpWgcRUCgACDya7cAkC37LQQsoxAjcNEhOQ8aGFyag54kQAAMACAAAGR1RLRwAAUhNI53eBGeJh0nCkclkfZJnzMvMEVoHEVCa7AQAAAATmnBkoFEdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegkdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzukdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj1dTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqkdUS0cAABK1XVsEZ16ugW6JpsS4xfhpSq81BEjJ0DmW2UdUS0cAABZMZh8YJqCRZ8rsFWpJujOrF1VMBFHNWy2cyVdTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEA=="}
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2734,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168594,"flow_last_seen":168594,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168594,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2734,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_last_seen":168594,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":168594,"pkt":"UlQAEjUCCAAn5uVZCABFAABtbeQAAIARLxYKAAIPvsDStnAJGmIAWe\/nYtExAgjn\/Ke847x2NG4oVEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2734,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168594,"flow_last_seen":168594,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168594,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2742,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168840,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168840,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2742,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_last_seen":168840,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":168840,"pkt":"UlQAEjUCCAAn5uVZCABFAABteiAAAIARB1cKAAIPUc1bLXAJlZkAWXbGOhUxApJjO\/JuqWKA3F9q70QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2742,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168840,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168840,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2744,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":2,"flow_last_seen":168854,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":168854,"pkt":"CAAn5uVZUlQAEjUCCABFAALzB8MAAEAR0rG+wNK2CgACDxpicAkC32qFYtExAgjn\/Ke847x2NG4oVEQAAMACAAAGR1RLRwAAVhpgfx\/FIwIUkbHoonVeeVgxwBsEvsDSthpiAQAAAAQZ71djFEdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegkdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzukdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj1dTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqkdUS0cAABK1XVsEZ16ugW6JpsS4xfhpSq81BEjJ0DmW2UdUS0cAABZMZh8YJqCRZ8rsFWpJujOrF1VMBFHNWy2cyVdTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeQ=="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2803,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":3,"flow_last_seen":174268,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174268,"pkt":"UlQAEjUCCAAn5uVZCABFAABybeUAAIARLxAKAAIPvsDStnAJGmIAXsbRDJkxAiMikaZOqXdSUPahXUQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2804,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":3,"flow_last_seen":174269,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174269,"pkt":"UlQAEjUCCAAn5uVZCABFAAByB2IAAIARDDUKAAIPVoHEVHAJJrsAXjsDcFExAhHLtY5GdmAVhlELQEQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="}
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2806,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174303,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174303,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2806,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_last_seen":174303,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174303,"pkt":"UlQAEjUCCAAn5uVZCABFAAByStEAAIARbHkKAAIPwqO0fnAJKkkAXkeElzExAuaUt3SA\/qxG7F60jUQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2806,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174303,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174303,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2807,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":2,"flow_last_seen":174303,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174303,"pkt":"UlQAEjUCCAAn5uVZCABFAAByVrsAAIARN2oKAAIPxjraDHAJuygAXpm7NG4xAlN4rvcHLSWuyVzKGkQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2810,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":3,"flow_last_seen":174321,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174321,"pkt":"UlQAEjUCCAAn5uVZCABFAAByxlcAAIARNIMKAAIPjoSlDXAJd2YAXu8TjWExApO4DvtDKbdx2klNVkQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174322,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":174322,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174322,"pkt":"UlQAEjUCCAAn5uVZCABFAABy\/iwAAIARW1MKAAIPvBcY1XAJSIEAXn4ZciIxAgUt47TCA6DBC1+HrEQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174322,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174322,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":174322,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174322,"pkt":"UlQAEjUCCAAn5uVZCABFAAByI9AAAIARdPYKAAIPXgg3nnAJx8QAXqKieDQxAq3mE0dDpkvWQzLgPUQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174322,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2813,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":2,"flow_last_seen":174323,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":174323,"pkt":"CAAn5uVZUlQAEjUCCABFAALzB+sAAEAR7N7Co7R+CgACDypJcAkC36eTlzExAuaUt3SA\/qxG7F60jUQAAMACAAAGR1RLRwAAW5ZMJAC\/sp0EyBIYLqaZItjn8QIEwqO0fipJAQAAAAQkVMV3FEdUS0cAAFxg+taEWAYB1unX7flSWQRG3beNBGic4kjQCldTSFIAAFpCOi4aZIiG9lYEyciBumqkMMTzBMY62gy7KEdUS0cAAFf2jq05FgyfJOGIcRJLg6NdtQ1eBLw9NLcuTEdUS0cAAFYaYH8fxSMCFJGx6KJ1XnlYMcAbBL7A0rYaYkdUS0cAAFFI2BA3K8AVe0IqJAEnw9\/D630lBI6EpQ13ZkdUS0cAAFITSOd3gRniYdJwpHJZH2SZ8zLzBFaBxFQmu0dUS0cAAE3VqZZmQu9JEb4xS9XAL1zJJdrgBLwXGNVIgVdTSFIAAEwNRRSjJbzqx43c9rTKLbxkbHgKBF4IN57HxEdUS0cAAElxJg9dajjzW3txW7a4q7j8IGI0BFHNWy2VmUdUS0cAAEE1vJAZC\/Oid7YdKVGKEGbtSapFBJUco6\/DJFdTSFIAAEJDtkelhifx87ftq707Fzo\/U0PdBC+TNBWPeEdUS0cAAGqU5DC0wpx7Tt\/+AtuQJkODlGIrBC\/cuoxr+UdUS0cAAGSQPhJYYczqO9fA1uqwCWebPjcpBMEgftbozEdUS0cAAGfwY9tAxh1AXF0ZU2EOIfqDQ08tBHbwRccYzEdUS0cAAGcZJHUoqfb+iSo9+1Aaw4nAX4zABFAH\/MAa6EdUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzukdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mjw=="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2815,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":2,"flow_last_seen":174342,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174342,"pkt":"UlQAEjUCCAAn5uVZCABFAAByeiEAAIARB1EKAAIPUc1bLXAJlZkAXranfCExAmltWPgHip8OOUDUwEQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="}
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174342,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174342,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_last_seen":174342,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174342,"pkt":"UlQAEjUCCAAn5uVZCABFAAByzKsAAIARKPUKAAIPlRyjr3AJwyQAXo4hNNYxAkNtQBP87WWbzy94OkQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174342,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174342,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174343,"flow_last_seen":174343,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174343,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_last_seen":174343,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174343,"pkt":"UlQAEjUCCAAn5uVZCABFAAByuwkAAIARD7sKAAIPL5M0FXAJj3gAXq06x7YxAq8Sv7XsAP61JE4GfUQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174343,"flow_last_seen":174343,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174343,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
01407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2827,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":2,"flow_last_seen":174648,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":174648,"pkt":"CAAn5uVZUlQAEjUCCABFAALzB\/MAAEARKy2VHKOvCgACD8MkcAkC37mfNNYxAkNtQBP87WWbzy94OkQAAMACAAAGR1RLRwAAQTW8kBkL86J3th0pUYoQZu1JqkUElRyjr8MkAQAAAAThq6+iFEdUS0cAAFxg+taEWAYB1unX7flSWQRG3beNBGic4kjQCkdUS0cAAFuWTCQAv7KdBMgSGC6mmSLY5\/ECBMKjtH4qSVdTSFIAAFpCOi4aZIiG9lYEyciBumqkMMTzBMY62gy7KEdUS0cAAFf2jq05FgyfJOGIcRJLg6NdtQ1eBLw9NLcuTEdUS0cAAFYaYH8fxSMCFJGx6KJ1XnlYMcAbBL7A0rYaYkdUS0cAAFFI2BA3K8AVe0IqJAEnw9\/D630lBI6EpQ13ZkdUS0cAAFITSOd3gRniYdJwpHJZH2SZ8zLzBFaBxFQmu1dTSFIAAEwNRRSjJbzqx43c9rTKLbxkbHgKBF4IN57HxEdUS0cAAElxJg9dajjzW3txW7a4q7j8IGI0BFHNWy2VmVdTSFIAAEJDtkelhifx87ftq707Fzo\/U0PdBC+TNBWPeEdUS0cAAGqU5DC0wpx7Tt\/+AtuQJkODlGIrBC\/cuoxr+UdUS0cAAGSQPhJYYczqO9fA1uqwCWebPjcpBMEgftbozEdUS0cAAGfwY9tAxh1AXF0ZU2EOIfqDQ08tBHbwRccYzEdUS0cAAGcZJHUoqfb+iSo9+1Aaw4nAX4zABFAH\/MAa6EdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzukdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZsldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAABZMZh8YJqCRZ8rsFWpJujOrF1VMBFHNWy2cyQ=="}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3065,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":191700,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191700,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00HEAAIARI3sKAAIPfCy+kXAJJ7oAIMCGR05EED8oAQFUC1FLUlAGUk5BXS\/iNQlw"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3066,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_last_seen":191700,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191700,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uoEAAIARu5gKAAIPXFhcOHAJUhEAIBhcR05EED8pAQFUC1FLUlAGUk5BXS\/iNQlw"}
@@ -1387,10 +1459,10 @@
00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":83805,"flow_last_seen":84251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50267,"dst_port":9239,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90740,"flow_last_seen":91408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50294,"dst_port":37058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":90825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":853,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":50296,"dst_port":3806,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
-00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90742,"flow_last_seen":91375,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90742,"flow_last_seen":91375,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":90746,"flow_last_seen":91439,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3759,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":50318,"dst_port":59596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":90864,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":50298,"dst_port":6578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
-01250{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":90746,"flow_last_seen":90948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3245,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+01223{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":90746,"flow_last_seen":90948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3245,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":84592,"flow_last_seen":85055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1144,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":50268,"dst_port":24751,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":91415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":903,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50297,"dst_port":45710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90747,"flow_last_seen":90850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50323,"dst_port":26253,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
@@ -1865,49 +1937,49 @@
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82065,"flow_last_seen":82065,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82065,"flow_last_seen":82065,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82065,"flow_last_seen":82065,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174528,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174528,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82059,"flow_last_seen":251735,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82062,"flow_last_seen":251737,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":191703,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90005,"flow_last_seen":243646,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4494,"flow_avg_l4_payload_len":321,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90072,"flow_last_seen":163183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90005,"flow_last_seen":243646,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4494,"flow_avg_l4_payload_len":321,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90072,"flow_last_seen":163183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82063,"flow_last_seen":253025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":83520,"flow_last_seen":253025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":90184,"flow_last_seen":180130,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3575,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90184,"flow_last_seen":180130,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3575,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":90880,"flow_last_seen":251799,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5105,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":28681,"dst_port":59596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82063,"flow_last_seen":251735,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82060,"flow_last_seen":253024,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":88941,"flow_last_seen":179376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":90073,"flow_last_seen":174761,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3575,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89967,"flow_last_seen":152618,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00571{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90072,"flow_last_seen":180633,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5191,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90073,"flow_last_seen":174761,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3575,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89967,"flow_last_seen":152618,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90072,"flow_last_seen":180633,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5191,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":90809,"flow_last_seen":139723,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":191700,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82063,"flow_last_seen":251737,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":89966,"flow_last_seen":180691,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89966,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":89966,"flow_last_seen":180691,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89966,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82060,"flow_last_seen":192907,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82061,"flow_last_seen":132833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82057,"flow_last_seen":253025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00561{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82061,"flow_last_seen":253025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90871,"flow_last_seen":251762,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":28681,"dst_port":30566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00568{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174144,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174144,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131671,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00568{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90845,"flow_last_seen":174321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1001,"flow_avg_l4_payload_len":166,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":11852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82058,"flow_last_seen":251736,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82066,"flow_last_seen":253024,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":90138,"flow_last_seen":252085,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3710,"flow_avg_l4_payload_len":309,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90138,"flow_last_seen":252085,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3710,"flow_avg_l4_payload_len":309,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":89016,"flow_last_seen":176659,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4777,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82058,"flow_last_seen":191704,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00568{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90864,"flow_last_seen":124089,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":943,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90039,"flow_last_seen":180164,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5191,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90039,"flow_last_seen":180164,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5191,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00561{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":83518,"flow_last_seen":253026,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":132832,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82060,"flow_last_seen":253025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82058,"flow_last_seen":191703,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89829,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89829,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":251737,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131670,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82058,"flow_last_seen":191703,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1915,53 +1987,48 @@
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82061,"flow_last_seen":132833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82060,"flow_last_seen":253024,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":131672,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90138,"flow_last_seen":174723,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90005,"flow_last_seen":180322,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5191,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90138,"flow_last_seen":174723,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90005,"flow_last_seen":180322,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5191,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82064,"flow_last_seen":253025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90004,"flow_last_seen":163118,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":90138,"flow_last_seen":174930,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3575,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90004,"flow_last_seen":163118,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90138,"flow_last_seen":174930,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3575,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131673,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82058,"flow_last_seen":251738,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90183,"flow_last_seen":174679,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90183,"flow_last_seen":174679,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4128,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":280014,"flow_last_seen":280014,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":280014,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4128,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":280014,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":280014,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LMAAAER3GYKAAIP7\/\/\/+uDQB2wAtgxeTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4128,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":280014,"flow_last_seen":280014,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":280014,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4138,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":2,"flow_last_seen":281023,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":281023,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LQAAAER3GUKAAIP7\/\/\/+uDQB2wAtgxeTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4148,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":3,"flow_last_seen":282039,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":282039,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LUAAAER3GQKAAIP7\/\/\/+uDQB2wAtgxeTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":93713,"flow_last_seen":93713,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":93713,"flow_last_seen":93713,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":101162,"flow_last_seen":177309,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":95216,"flow_last_seen":162802,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":95264,"flow_last_seen":176255,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95754,"flow_last_seen":139756,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":101837,"flow_last_seen":251767,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":95443,"flow_last_seen":176562,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":101162,"flow_last_seen":177309,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":95216,"flow_last_seen":162802,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":95264,"flow_last_seen":176255,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95754,"flow_last_seen":139756,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":101837,"flow_last_seen":251767,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":95443,"flow_last_seen":176562,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":93714,"flow_last_seen":253026,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95784,"flow_last_seen":139896,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":95715,"flow_last_seen":139730,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95264,"flow_last_seen":179735,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":95893,"flow_last_seen":251793,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1751,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95923,"flow_last_seen":139892,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":95784,"flow_last_seen":139889,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95716,"flow_last_seen":139781,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00568{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95893,"flow_last_seen":123936,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":101122,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":95784,"flow_last_seen":146329,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":95716,"flow_last_seen":243760,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95784,"flow_last_seen":139896,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95715,"flow_last_seen":139730,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95264,"flow_last_seen":179735,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95893,"flow_last_seen":251793,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1751,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95923,"flow_last_seen":139892,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95784,"flow_last_seen":139889,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95716,"flow_last_seen":139781,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95893,"flow_last_seen":123936,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":101122,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95784,"flow_last_seen":146329,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":95716,"flow_last_seen":243760,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4200,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287308,"flow_last_seen":287308,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":287308,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4200,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_last_seen":287308,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":287308,"pkt":"UlQAEjUCCAAn5uVZCABFAABpuTwAAIARzSsKAAIPVtJRO3AJGMoAVf5iR05EED+uAQFMQVEyUApVRFBdL+I1CXBbSWKeSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4201,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287308,"flow_last_seen":287308,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":287308,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -2581,7 +2648,7 @@
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4701,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":2,"flow_last_seen":291154,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":291154,"pkt":"CAAn5uVZUlQAEjUCCABFAABKC5AAAEARIKNJWfkICgACD8XZcAkANp0565kxAgUhZoj\/+H2oSNwcAwEBABcAAADZxUlZ+Qi8AAAAAAAgAMOCUUtE05ynKA=="}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4702,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":3,"flow_last_seen":291154,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":291154,"pkt":"UlQAEjUCCAAn5uVZCABFAABUghEAAIARahcKAAIPSVn5CHAJxdkAQIPAXS\/iNTECAGQaxPLpTglwD4ABACEAAAD5AHBpbmtmbG95ZADDAlFLRNOcpygDU0NQQAFaQIJQUkA="}
00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4821,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":115369,"flow_last_seen":287650,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":302977,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00568{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4821,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":116628,"flow_last_seen":287381,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3123,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":302977,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4821,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":116628,"flow_last_seen":287381,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3123,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":302977,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4904,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":3,"flow_last_seen":311749,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":311749,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0tpYAAIARiEUKAAIP1XgaVnAJdPoAIL2TR05EED\/KAQFUC1FLUlAGUk5BXS\/iNQlw"}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4909,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_last_seen":311750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":311750,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0dUEAAIARISUKAAIPsKPnoHAJGMoAIHFJR05EED\/PAQFUC1FLUlAGUk5BXS\/iNQlw"}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4911,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_last_seen":311750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":311750,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0SbsAAIARjAIKAAIPdqbiRnAJGMoAILCeR05EED\/RAQFUC1FLUlAGUk5BXS\/iNQlw"}
@@ -2607,28 +2674,20 @@
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":312957,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":312957,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05pQAAIARsCAKAAIPTudJDnAJGMoAIHF1R05EED\/yAQFUC1FLUlAGUk5BXS\/iNQlw"}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4960,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":312961,"flow_last_seen":312961,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":312961,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4960,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_last_seen":312961,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":312961,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0s80AAIARSSgKAAIPpVSMYHAJOEAAILg+R05EED\/zAQFUC1FLUlAGUk5BXS\/iNQlw"}
-00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":124065,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":124065,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":124065,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":132833,"flow_last_seen":132833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":132833,"flow_last_seen":132833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":132831,"flow_last_seen":132831,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":132831,"flow_last_seen":132831,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129345,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129345,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":129174,"flow_last_seen":129344,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":129174,"flow_last_seen":129344,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":129345,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":129174,"flow_last_seen":129344,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131671,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131671,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131670,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131670,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":131669,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -2637,19 +2696,17 @@
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82061,"flow_last_seen":132833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":131672,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":131672,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":131668,"flow_last_seen":131668,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":131668,"flow_last_seen":131668,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131673,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131673,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":124066,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":836,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":124066,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":836,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":131671,"flow_last_seen":251736,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287421,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287890,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287421,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287890,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5033,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":2,"flow_last_seen":320290,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320290,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4TFkAAIARXF4KAAIPdqgPR3AJ5EoAJEU1rxgxAkijNFD\/98wlZJR4AwABAAUAAADDglFLQA=="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5034,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":2,"flow_last_seen":320290,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320290,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4bmsAAIARqKcKAAIPdPGionAJ4kkAJCDgNOsxArkJ75n\/2X37nQtxAwABAAUAAADDglFLQA=="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5035,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":2,"flow_last_seen":320290,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320290,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4R1AAAIARd9IKAAIPdqf43HAJ56gAJBG+sRMxAjM8jgr\/OCOtVAIyAwABAAUAAADDglFLQA=="}
@@ -2684,88 +2741,59 @@
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":2,"flow_last_seen":320292,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320292,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4CAEAAIARw78KAAIPcHfybnAJ6ecAJJt6ZMkxArsJiWn\/2NtEIIr3AwABAAUAAADDglFLQA=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5065,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":2,"flow_last_seen":320293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320293,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4sK0AAIARXRsKAAIPMjruo3AJGcIAJO3IbAsxAnYtXYL\/8bz\/pBe7AwABAAUAAADDglFLQA=="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5066,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":2,"flow_last_seen":320293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320293,"pkt":"UlQAEjUCCAAn5uVZCABFAAA419wAAIARwSYKAAIPTL1I5nAJH+EAJBtk6eoxAtFG13r\/NLEu9DR8AwABAAUAAADDglFLQA=="}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95754,"flow_last_seen":139756,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95754,"flow_last_seen":139756,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139669,"flow_last_seen":139669,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139669,"flow_last_seen":139669,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95754,"flow_last_seen":139756,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":139669,"flow_last_seen":139669,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":71204,"flow_last_seen":193763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":71204,"flow_last_seen":193763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95784,"flow_last_seen":139896,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95784,"flow_last_seen":139896,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":95715,"flow_last_seen":139730,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":95715,"flow_last_seen":139730,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95784,"flow_last_seen":139896,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95715,"flow_last_seen":139730,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":90809,"flow_last_seen":139723,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":90809,"flow_last_seen":139723,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95923,"flow_last_seen":139892,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95923,"flow_last_seen":139892,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":139506,"flow_last_seen":177166,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1954,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":139506,"flow_last_seen":168554,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89967,"flow_last_seen":152618,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89967,"flow_last_seen":152618,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89966,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89966,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":95216,"flow_last_seen":162802,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":95216,"flow_last_seen":162802,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90072,"flow_last_seen":163183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90072,"flow_last_seen":163183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95923,"flow_last_seen":139892,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":139506,"flow_last_seen":177166,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1954,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":139506,"flow_last_seen":168554,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89967,"flow_last_seen":152618,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89966,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":95216,"flow_last_seen":162802,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90072,"flow_last_seen":163183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":160009,"flow_last_seen":163034,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":51685,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90004,"flow_last_seen":163118,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90004,"flow_last_seen":163118,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90004,"flow_last_seen":163118,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5372,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":3,"flow_last_seen":350801,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":350801,"pkt":"UlQAEjUCCAAn5uVZCABFAABUUWcAAIARlZ8KAAIPVEfzPHAJhsIAQN+fXS\/iNTECAGQaxPLpTglwD4ABACEAAAD5AHBpbmtmbG95ZADDAlFLRO45aqEDU0NQQAFaQIJQUkA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5381,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":2,"flow_last_seen":350982,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":350982,"pkt":"UlQAEjUCCAAn5uVZCABFAAA49UMAAIARRGEKAAIPR++tEnAJWx8AJJ\/UjSsxAo9FSZH\/5RaddLKjAwABAAUAAADDglFLQA=="}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5386,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":3,"flow_last_seen":351110,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":351110,"pkt":"CAAn5uVZUlQAEjUCCABFAABKDVAAAEARbENH760SCgACD1sfcAkANlLBjSsxAo9FSZH\/5RaddLKjAwEBABcAAAAfW0fvrRIAAAAACAAAAMOCUUtEmW5VTg=="}
-00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":139506,"flow_last_seen":168554,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":139506,"flow_last_seen":168554,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":101122,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":101122,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":168555,"flow_last_seen":287464,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2374,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":168840,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":168594,"flow_last_seen":176963,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1959,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":168428,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":139506,"flow_last_seen":168554,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":101122,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":168555,"flow_last_seen":287464,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2374,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":168840,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":168594,"flow_last_seen":176963,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1959,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":168428,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5426,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":355387,"flow_last_seen":355387,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":355387,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.125.218.84","src_port":28681,"dst_port":17561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5426,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_last_seen":355387,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":355387,"pkt":"UlQAEjUCCAAn5uVZCABFAABDeM0AAIARhvwKAAIPVH3aVHAJRJkAL52kWv4xAksIMkL\/WuRk66hXAwABABAAAADDA1NDUEECglZDRUdUS0di"}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174528,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174528,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":95264,"flow_last_seen":176255,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":95264,"flow_last_seen":176255,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":95443,"flow_last_seen":176562,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":95443,"flow_last_seen":176562,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174528,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":95264,"flow_last_seen":176255,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":95443,"flow_last_seen":176562,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":88941,"flow_last_seen":179376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":88941,"flow_last_seen":179376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95264,"flow_last_seen":179735,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95264,"flow_last_seen":179735,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174343,"flow_last_seen":174343,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174343,"flow_last_seen":174343,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":168840,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":168840,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":168594,"flow_last_seen":176963,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1959,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":168594,"flow_last_seen":176963,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1959,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":139506,"flow_last_seen":177166,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1954,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":139506,"flow_last_seen":177166,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1954,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95264,"flow_last_seen":179735,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":174343,"flow_last_seen":174343,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":168840,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":168594,"flow_last_seen":176963,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1959,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":139506,"flow_last_seen":177166,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1954,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00581{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90845,"flow_last_seen":174321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1001,"flow_avg_l4_payload_len":166,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":11852,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90845,"flow_last_seen":174321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1001,"flow_avg_l4_payload_len":166,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":11852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":89016,"flow_last_seen":176659,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4777,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":89016,"flow_last_seen":176659,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4777,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":168428,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":168428,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90138,"flow_last_seen":174723,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90138,"flow_last_seen":174723,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90183,"flow_last_seen":174679,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90183,"flow_last_seen":174679,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00571{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":174303,"flow_last_seen":287509,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1210,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":174342,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":841,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":168428,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90138,"flow_last_seen":174723,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90183,"flow_last_seen":174679,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":174303,"flow_last_seen":287509,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1210,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":174342,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":841,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5591,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":371838,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":371838,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0taEAAIARR0oKAAIPbYTEOnAJGMoAINecR05EEEABAQFUC1FLUlAGUk5BXS\/iNQlw"}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5594,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":371838,"flow_last_seen":371838,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":371838,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5594,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_last_seen":371838,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":371838,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05JUAAIARi24KAAIPU4ZrIHAJl7QAIMvHR05EEEAEAQFUC1FLUlAGUk5BXS\/iNQlw"}
@@ -3048,48 +3076,48 @@
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82059,"flow_last_seen":433137,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82062,"flow_last_seen":431831,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82062,"flow_last_seen":431829,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":90005,"flow_last_seen":287355,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4793,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":90005,"flow_last_seen":287355,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4793,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82063,"flow_last_seen":373495,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":83520,"flow_last_seen":431830,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90184,"flow_last_seen":288014,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3860,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90184,"flow_last_seen":288014,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3860,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82063,"flow_last_seen":371839,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82060,"flow_last_seen":373496,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90073,"flow_last_seen":287523,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3852,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00571{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":90072,"flow_last_seen":320293,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5333,"flow_avg_l4_payload_len":313,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90073,"flow_last_seen":287523,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3852,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":90072,"flow_last_seen":320293,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5333,"flow_avg_l4_payload_len":313,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82062,"flow_last_seen":433134,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82063,"flow_last_seen":431830,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":89966,"flow_last_seen":287418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4798,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":89966,"flow_last_seen":287418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4798,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82061,"flow_last_seen":433137,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90039,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90039,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82057,"flow_last_seen":433136,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00561{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82061,"flow_last_seen":373494,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00568{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":89829,"flow_last_seen":287443,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":89829,"flow_last_seen":287443,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82058,"flow_last_seen":371836,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82066,"flow_last_seen":431830,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287634,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4009,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287634,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4009,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82058,"flow_last_seen":311750,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90864,"flow_last_seen":287337,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1242,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":90039,"flow_last_seen":287415,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5624,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":90039,"flow_last_seen":287415,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5624,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82059,"flow_last_seen":373496,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82060,"flow_last_seen":373497,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82058,"flow_last_seen":431829,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":89829,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":89829,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82062,"flow_last_seen":371838,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82058,"flow_last_seen":311749,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82060,"flow_last_seen":433136,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":90005,"flow_last_seen":287678,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5605,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":90005,"flow_last_seen":287678,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5605,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82064,"flow_last_seen":373495,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287483,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3990,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287483,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3990,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82058,"flow_last_seen":431830,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":280014,"flow_last_seen":283055,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":101162,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00568{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":101837,"flow_last_seen":289958,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287340,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00568{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287572,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2838,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":95716,"flow_last_seen":287440,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2001,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00568{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287579,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2031,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287857,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2839,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":95716,"flow_last_seen":426518,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":101162,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":101837,"flow_last_seen":289958,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287340,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287572,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2838,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95716,"flow_last_seen":287440,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2001,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287579,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2031,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287857,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2839,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":95716,"flow_last_seen":426518,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287425,"flow_last_seen":287425,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.148.100.237","src_port":28681,"dst_port":23459,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287425,"flow_last_seen":287425,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.148.100.237","src_port":28681,"dst_port":23459,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287428,"flow_last_seen":287428,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.124.66.33","src_port":28681,"dst_port":13060,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3110,14 +3138,12 @@
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287623,"flow_last_seen":287623,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.18.212.223","src_port":28681,"dst_port":50637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251763,"flow_last_seen":287316,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.199.108","src_port":28681,"dst_port":56040,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251763,"flow_last_seen":287316,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.199.108","src_port":28681,"dst_port":56040,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00751{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287650,"flow_last_seen":287650,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.206.27.26","src_port":28681,"dst_port":6578,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"2":"Match by IP"},"proto":"Tor","breed":"Potentially Dangerous","category":"VPN"}}
+00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287650,"flow_last_seen":287650,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.206.27.26","src_port":28681,"dst_port":6578,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287650,"flow_last_seen":287650,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.206.27.26","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287314,"flow_last_seen":287314,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287314,"flow_last_seen":287314,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":101162,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":101162,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":168555,"flow_last_seen":287464,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2374,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":168555,"flow_last_seen":287464,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2374,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":101162,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":168555,"flow_last_seen":287464,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2374,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00581{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":251765,"flow_last_seen":287535,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":251765,"flow_last_seen":287535,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287309,"flow_last_seen":287309,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3134,8 +3160,7 @@
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287442,"flow_last_seen":287442,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":28681,"dst_port":64577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":243619,"flow_last_seen":287621,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.134.136","src_port":28681,"dst_port":21407,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":243619,"flow_last_seen":287621,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.134.136","src_port":28681,"dst_port":21407,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":90005,"flow_last_seen":287355,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4793,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":90005,"flow_last_seen":287355,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4793,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":90005,"flow_last_seen":287355,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4793,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.25.47","src_port":28681,"dst_port":21293,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.25.47","src_port":28681,"dst_port":21293,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287511,"flow_last_seen":287511,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.10.152","src_port":28681,"dst_port":21293,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3150,8 +3175,7 @@
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287441,"flow_last_seen":287441,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":28681,"dst_port":52274,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287600,"flow_last_seen":287600,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":62191,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287600,"flow_last_seen":287600,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":62191,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":124066,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":836,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":124066,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":836,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":124066,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":836,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3256,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287496,"flow_last_seen":287579,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3192,8 +3216,7 @@
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":115369,"flow_last_seen":287650,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287498,"flow_last_seen":287498,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":2556,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287498,"flow_last_seen":287498,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":2556,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00581{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":101837,"flow_last_seen":289958,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":101837,"flow_last_seen":289958,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":101837,"flow_last_seen":289958,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287498,"flow_last_seen":287498,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.193.171.146","src_port":28681,"dst_port":53143,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287498,"flow_last_seen":287498,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.193.171.146","src_port":28681,"dst_port":53143,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287498,"flow_last_seen":287498,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.194.73","src_port":28681,"dst_port":1995,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3226,8 +3249,7 @@
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287621,"flow_last_seen":287621,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":54459,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":243618,"flow_last_seen":287682,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.172.10.90","src_port":28681,"dst_port":40162,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":243618,"flow_last_seen":287682,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.172.10.90","src_port":28681,"dst_port":40162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287421,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287421,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287421,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287312,"flow_last_seen":287312,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287312,"flow_last_seen":287312,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287485,"flow_last_seen":287485,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":28681,"dst_port":1630,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3236,8 +3258,7 @@
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287443,"flow_last_seen":287443,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287624,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.93.150.146","src_port":28681,"dst_port":62507,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287624,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.93.150.146","src_port":28681,"dst_port":62507,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90184,"flow_last_seen":288014,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3860,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
-00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90184,"flow_last_seen":288014,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3860,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90184,"flow_last_seen":288014,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3860,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287485,"flow_last_seen":287485,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":53516,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287485,"flow_last_seen":287485,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":53516,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287588,"flow_last_seen":287588,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.18.211.177","src_port":28681,"dst_port":18085,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3266,8 +3287,7 @@
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287342,"flow_last_seen":288307,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":28681,"dst_port":33527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287623,"flow_last_seen":287623,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.36.234.196","src_port":28681,"dst_port":11629,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287623,"flow_last_seen":287623,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.36.234.196","src_port":28681,"dst_port":11629,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90073,"flow_last_seen":287523,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3852,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90073,"flow_last_seen":287523,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3852,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90073,"flow_last_seen":287523,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3852,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287599,"flow_last_seen":287599,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":28681,"dst_port":52669,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287599,"flow_last_seen":287599,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":28681,"dst_port":52669,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287442,"flow_last_seen":287442,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":28681,"dst_port":1512,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3276,8 +3296,7 @@
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287622,"flow_last_seen":287622,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":28681,"dst_port":8349,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287683,"flow_last_seen":287869,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.203.72.224","src_port":28681,"dst_port":9897,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287683,"flow_last_seen":287869,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.203.72.224","src_port":28681,"dst_port":9897,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00581{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":116628,"flow_last_seen":287381,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3123,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":116628,"flow_last_seen":287381,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3123,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":116628,"flow_last_seen":287381,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3123,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287497,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":28681,"dst_port":62234,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287497,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":28681,"dst_port":62234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287429,"flow_last_seen":287429,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":53707,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3316,8 +3335,7 @@
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251765,"flow_last_seen":287317,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.35.66.21","src_port":28681,"dst_port":22234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287442,"flow_last_seen":287442,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.64.156.63","src_port":28681,"dst_port":60092,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287442,"flow_last_seen":287442,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.64.156.63","src_port":28681,"dst_port":60092,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":89966,"flow_last_seen":287418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4798,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":89966,"flow_last_seen":287418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4798,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":89966,"flow_last_seen":287418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4798,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287511,"flow_last_seen":287511,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49803,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287511,"flow_last_seen":287511,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49803,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287526,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":28681,"dst_port":37814,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3352,8 +3370,7 @@
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251766,"flow_last_seen":287317,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.127.26.138","src_port":28681,"dst_port":3083,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287310,"flow_last_seen":287310,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287310,"flow_last_seen":287310,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90039,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90039,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90039,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287652,"flow_last_seen":287652,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.192.83.59","src_port":28681,"dst_port":33513,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287652,"flow_last_seen":287652,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.192.83.59","src_port":28681,"dst_port":33513,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287499,"flow_last_seen":287499,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.199.103","src_port":28681,"dst_port":2625,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3382,8 +3399,7 @@
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287625,"flow_last_seen":287625,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":6514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251799,"flow_last_seen":287319,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":47184,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251799,"flow_last_seen":287319,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":47184,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287340,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287340,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287340,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287588,"flow_last_seen":287588,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.36.106.134","src_port":28681,"dst_port":3927,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287588,"flow_last_seen":287588,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.36.106.134","src_port":28681,"dst_port":3927,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287526,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":6527,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3394,8 +3410,7 @@
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287682,"flow_last_seen":287682,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.249.190.8","src_port":28681,"dst_port":25198,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287699,"flow_last_seen":287699,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6564,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287699,"flow_last_seen":287699,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6564,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287890,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287890,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287890,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":243618,"flow_last_seen":287524,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.7.145.36","src_port":28681,"dst_port":33905,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":243618,"flow_last_seen":287524,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.7.145.36","src_port":28681,"dst_port":33905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":52420,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3404,8 +3419,7 @@
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":289962,"flow_last_seen":289962,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6599,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287497,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":28681,"dst_port":47329,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287497,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":28681,"dst_port":47329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00581{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":89829,"flow_last_seen":287443,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":89829,"flow_last_seen":287443,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":89829,"flow_last_seen":287443,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287321,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.72.149.140","src_port":28681,"dst_port":37848,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287321,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.72.149.140","src_port":28681,"dst_port":37848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287510,"flow_last_seen":287583,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.20.248.147","src_port":28681,"dst_port":30706,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3426,8 +3440,7 @@
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287497,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":28681,"dst_port":50679,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287444,"flow_last_seen":287781,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":28681,"dst_port":4814,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287444,"flow_last_seen":287781,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":28681,"dst_port":4814,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00581{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287572,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2838,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287572,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2838,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287572,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2838,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287652,"flow_last_seen":287652,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":8658,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287652,"flow_last_seen":287652,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":8658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287649,"flow_last_seen":287958,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.81.219.111","src_port":28681,"dst_port":19210,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3444,16 +3457,14 @@
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287466,"flow_last_seen":287466,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":59384,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287697,"flow_last_seen":287697,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.65.217.224","src_port":28681,"dst_port":9070,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287697,"flow_last_seen":287697,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.65.217.224","src_port":28681,"dst_port":9070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287634,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4009,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287634,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4009,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287634,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4009,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287588,"flow_last_seen":287588,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"159.196.95.223","src_port":28681,"dst_port":2003,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287588,"flow_last_seen":287588,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"159.196.95.223","src_port":28681,"dst_port":2003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287510,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.22.22.94","src_port":28681,"dst_port":34245,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287510,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.22.22.94","src_port":28681,"dst_port":34245,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287511,"flow_last_seen":287824,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.218.135.222","src_port":28681,"dst_port":4548,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287511,"flow_last_seen":287824,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.218.135.222","src_port":28681,"dst_port":4548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":95716,"flow_last_seen":287440,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2001,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":95716,"flow_last_seen":287440,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2001,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95716,"flow_last_seen":287440,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2001,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287426,"flow_last_seen":287647,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.170.108","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287426,"flow_last_seen":287647,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.170.108","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287619,"flow_last_seen":287619,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.83.5","src_port":28681,"dst_port":9128,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3464,14 +3475,12 @@
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287524,"flow_last_seen":287524,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.118.116.198","src_port":28681,"dst_port":44616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287698,"flow_last_seen":287698,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.91.30.216","src_port":28681,"dst_port":61635,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287698,"flow_last_seen":287698,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.91.30.216","src_port":28681,"dst_port":61635,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00581{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287579,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2031,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287579,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2031,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287579,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2031,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90864,"flow_last_seen":287337,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1242,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90864,"flow_last_seen":287337,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1242,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287589,"flow_last_seen":287589,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":28681,"dst_port":64731,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287589,"flow_last_seen":287589,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":28681,"dst_port":64731,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":90039,"flow_last_seen":287415,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5624,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":90039,"flow_last_seen":287415,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5624,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":90039,"flow_last_seen":287415,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5624,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":4364,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":4364,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287648,"flow_last_seen":287648,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":55050,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3498,8 +3507,7 @@
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287320,"flow_last_seen":287320,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":28681,"dst_port":52660,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287466,"flow_last_seen":287466,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.10.174.159","src_port":28681,"dst_port":4841,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287466,"flow_last_seen":287466,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.10.174.159","src_port":28681,"dst_port":4841,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":89829,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":89829,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":89829,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287314,"flow_last_seen":287314,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287314,"flow_last_seen":287314,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287858,"flow_last_seen":287858,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":28681,"dst_port":4297,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3546,8 +3554,7 @@
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287681,"flow_last_seen":287681,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":59978,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287525,"flow_last_seen":287525,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":28681,"dst_port":53195,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287525,"flow_last_seen":287525,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":28681,"dst_port":53195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00584{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":174303,"flow_last_seen":287509,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1210,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":174303,"flow_last_seen":287509,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1210,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":174303,"flow_last_seen":287509,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1210,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287424,"flow_last_seen":287424,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":42925,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287424,"flow_last_seen":287424,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":42925,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287387,"flow_last_seen":287752,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":28681,"dst_port":8890,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3568,8 +3575,7 @@
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287316,"flow_last_seen":287316,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287442,"flow_last_seen":287442,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":28681,"dst_port":65274,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287442,"flow_last_seen":287442,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":28681,"dst_port":65274,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":90005,"flow_last_seen":287678,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5605,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":90005,"flow_last_seen":287678,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5605,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":90005,"flow_last_seen":287678,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5605,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287498,"flow_last_seen":287719,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":28681,"dst_port":15068,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287498,"flow_last_seen":287719,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":28681,"dst_port":15068,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":251768,"flow_last_seen":287699,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":28681,"dst_port":28365,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3592,8 +3598,7 @@
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287487,"flow_last_seen":287487,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":28681,"dst_port":49737,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287426,"flow_last_seen":287426,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":28681,"dst_port":20347,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287426,"flow_last_seen":287426,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":28681,"dst_port":20347,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287486,"flow_last_seen":287486,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":28681,"dst_port":57492,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287486,"flow_last_seen":287486,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":28681,"dst_port":57492,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287385,"flow_last_seen":287385,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.176.62.40","src_port":28681,"dst_port":52889,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3602,8 +3607,7 @@
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287621,"flow_last_seen":287621,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":54436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287977,"flow_last_seen":288382,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287977,"flow_last_seen":288382,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287857,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2839,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287857,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2839,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287857,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2839,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287699,"flow_last_seen":287699,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.217.188.105","src_port":28681,"dst_port":62849,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287699,"flow_last_seen":287699,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.217.188.105","src_port":28681,"dst_port":62849,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287654,"flow_last_seen":287654,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.254.140.225","src_port":28681,"dst_port":63637,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3614,8 +3618,7 @@
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287623,"flow_last_seen":287623,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":53454,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251764,"flow_last_seen":287316,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.153.100","src_port":28681,"dst_port":4509,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251764,"flow_last_seen":287316,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.153.100","src_port":28681,"dst_port":4509,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287483,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3990,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287483,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3990,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287483,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3990,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287314,"flow_last_seen":287314,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287314,"flow_last_seen":287314,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287523,"flow_last_seen":287523,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.139.21.182","src_port":28681,"dst_port":50110,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3666,8 +3669,7 @@
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287429,"flow_last_seen":287429,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":28681,"dst_port":4315,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":243616,"flow_last_seen":288106,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":28681,"dst_port":29545,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":243616,"flow_last_seen":288106,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":28681,"dst_port":29545,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":174342,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":841,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":174342,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":841,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":174342,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":841,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287683,"flow_last_seen":287944,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287683,"flow_last_seen":287944,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251763,"flow_last_seen":287316,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.204.130.55","src_port":28681,"dst_port":29545,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3823,8 +3825,7 @@
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287355,"flow_last_seen":320291,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.24.129.230","src_port":28681,"dst_port":14766,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287356,"flow_last_seen":320291,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":20387,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287356,"flow_last_seen":320291,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":20387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00584{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":90072,"flow_last_seen":320293,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5333,"flow_avg_l4_payload_len":313,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":90072,"flow_last_seen":320293,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5333,"flow_avg_l4_payload_len":313,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":90072,"flow_last_seen":320293,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5333,"flow_avg_l4_payload_len":313,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287340,"flow_last_seen":320290,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":28681,"dst_port":14339,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287340,"flow_last_seen":320290,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":28681,"dst_port":14339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287340,"flow_last_seen":320290,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.222.160","src_port":28681,"dst_port":56121,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -3934,7 +3935,7 @@
00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7487,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":599426,"flow_last_seen":599426,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599426,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
01485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7488,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_packet_id":2,"flow_last_seen":599529,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":834,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":834,"pkt_l4_len":780,"thread_ts_msec":599529,"pkt":"MzMAAAAMCAAn5uVZht1gB0PFAwwRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dYOdgMMdjk8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiPjxzb2FwOkhlYWRlcj48d3NhOlRvPnVybjpzY2hlbWFzLXhtbHNvYXAtb3JnOndzOjIwMDU6MDQ6ZGlzY292ZXJ5PC93c2E6VG8+PHdzYTpBY3Rpb24+aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkvQnllPC93c2E6QWN0aW9uPjx3c2E6TWVzc2FnZUlEPnVybjp1dWlkOjk4Zjc0ZjcxLTZkZmMtNDYxMi05YzNjLTVjNTgwZWI4MzU5Njwvd3NhOk1lc3NhZ2VJRD48d3NkOkFwcFNlcXVlbmNlIEluc3RhbmNlSWQ9IjQ2IiBTZXF1ZW5jZUlkPSJ1cm46dXVpZDo3NjczODllMC1lZTlhLTRjMWMtYjkwMi0yMGNiODFkMjAzZTAiIE1lc3NhZ2VOdW1iZXI9IjUiPjwvd3NkOkFwcFNlcXVlbmNlPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOkJ5ZT48d3NhOkVuZHBvaW50UmVmZXJlbmNlPjx3c2E6QWRkcmVzcz51cm46dXVpZDo3NDdmM2Q5Ni02OGE3LTQzZjEtOGNiZS1lOGQ2ZGFkZDAzNTg8L3dzYTpBZGRyZXNzPjwvd3NhOkVuZHBvaW50UmVmZXJlbmNlPjwvd3NkOkJ5ZT48L3NvYXA6Qm9keT48L3NvYXA6RW52ZWxvcGU+"}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7489,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_packet_id":2,"flow_last_seen":599747,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":599747,"pkt":"MzMAAAAWCAAn5uVZht1gAAAAACQAAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAOKkAAAAAQMAAAD\/AgAAAAAAAAAAAAAAAAAM"}
-00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7490,"source":"gnutella.pcap","alias":"nDPId-test","packets-captured":7490,"packets-processed":7468,"total-skipped-flows":0,"total-l4-data-len":3617715,"total-not-detected-flows":547,"total-guessed-flows":4,"total-detected-flows":98,"total-detection-updates":3,"total-updates":298,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3937,"global_ts_msec":600247}
+00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7490,"source":"gnutella.pcap","alias":"nDPId-test","packets-captured":7490,"packets-processed":7468,"total-skipped-flows":0,"total-l4-data-len":3617715,"total-not-detected-flows":478,"total-guessed-flows":2,"total-detected-flows":170,"total-detection-updates":3,"total-updates":298,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3938,"global_ts_msec":600247}
00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65062,"flow_last_seen":74093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65062,"flow_last_seen":74093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":312956,"flow_last_seen":493286,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -4252,22 +4253,21 @@
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493288,"flow_last_seen":493288,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493288,"flow_last_seen":493288,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":71205,"flow_last_seen":593376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":5915,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
-00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":95716,"flow_last_seen":426518,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":95716,"flow_last_seen":426518,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":95716,"flow_last_seen":426518,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}}
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":72853,"flow_last_seen":553212,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":72853,"flow_last_seen":553212,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","packets-captured":7491,"packets-processed":7468,"total-skipped-flows":0,"total-l4-data-len":3617715,"total-not-detected-flows":699,"total-guessed-flows":4,"total-detected-flows":98,"total-detection-updates":3,"total-updates":298,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":4259,"global_ts_msec":600247}
+00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","packets-captured":7491,"packets-processed":7468,"total-skipped-flows":0,"total-l4-data-len":3617715,"total-not-detected-flows":629,"total-guessed-flows":2,"total-detected-flows":170,"total-detection-updates":3,"total-updates":298,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":4259,"global_ts_msec":600247}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 7491/7468
~~ skipped flows.............: 0
~~ total layer4 data length..: 3617715 bytes
-~~ total detected protocols..: 98
+~~ total detected protocols..: 170
~~ total active/idle flows...: 801/801
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6120436 bytes
-~~ total memory freed........: 6120436 bytes
-~~ total allocations/frees...: 123300/123300
+~~ total memory allocated....: 7020160 bytes
+~~ total memory freed........: 7020160 bytes
+~~ total allocations/frees...: 128079/128079
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 179 chars
~~ json string max len.......: 1916 chars
Powered by cgit, Themed by Ted Yin.